AWS API Gateway:允许另一个AWS账户中的Lambda函数访问API。

huangapple go评论132阅读模式
英文:

AWS API Gateway : Allowing access to API from a lamba function in another AWS account

问题

我已创建了一个使用Lambda和API Gateway的REST API。

我想要为这个API授予另一个在另一个AWS帐户中运行的Lambda函数访问权限。

我考虑创建此API的基于IAM的授权。但我不确定跨AWS帐户的IAM授权是否可行?

有更好的建议吗?

英文:

I have created a REST API using lambda and API gateway.

I want to give access for this API to another lambda function which is running in another AWS account.

I was thinking to create IAM based authorisation for this API. But I am not sure if this cross-AWS account based IAM authorisation is feasible?

Any better suggestions?

答案1

得分: 1

你可以在目标帐户中扮演一个角色,然后使用临时凭证直接调用Lambda函数。这种方法不需要与API网关集成。

如果API是公开可用的,你还可以从任何地方使用IAM身份验证。你将需要存储指定的凭证。

参考链接:

https://aws.amazon.com/premiumsupport/knowledge-center/lambda-function-assume-iam-role/

英文:

You can assume a role in the target account and then invoke the lambda directly using the temporary credentials. This method does not require an integration with API gateway.

You can also use IAM Authentication from anywhere if the API is publicly available. You will have to store the designated credentials.

Reference:

https://aws.amazon.com/premiumsupport/knowledge-center/lambda-function-assume-iam-role/

huangapple
  • 本文由 发表于 2020年1月6日 20:34:37
  • 转载请务必保留本文链接:https://go.coder-hub.com/59612225.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定