How do I assign an existing custom IAM role as execution role for a lambda
Question
I am trying to assign an existing role created via AWS console, but I face an error Resource handler returned message: "The role defined for the function cannot be assumed by Lambda.
    const customRole = Role.fromRoleName(this, "MyAPIRole", "EXISTINGEXECUTIONROLENAME")
    .
    .
    .
    this.lambdaFunction = new Function(this, 'CrispSkillUpdateBot', {
        functionName: ,
        description: ,
        code: ,
        handler: 'xyz.lambda_handler',
        role: customRole,
        memorySize: 512,
        timeout: Duration.seconds(30),
        runtime: Runtime.PYTHON_3_8,
    });
I face an error Resource handler returned message: "The role defined for the function cannot be assumed by Lambda.
Answer 1
Score: 2
This is not a CDK-related problem necessarily. Your role needs a Trust Policy that allows the AWS Lambda service principal to assume the role.
Check out the documentation. The required trust policy is:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": "lambda.amazonaws.com"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }
If your custom role was also created in CDK, you could use the following:
    const customRole = new Role(this, 'Role', {
        // ...
        assumedBy: new ServicePrincipal('lambda.amazonaws.com'),
    });
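
An added example, not part of the original answer: an offline check of whether a role's trust policy document lets the Lambda service principal call sts:AssumeRole, which is the condition the answer describes. The names `lambdaTrustVerdict`, `applies`, `actionMatches`, `EC2_ONLY` and `LAMBDA_TRUST` are hypothetical, the sample policies are constructed, and statements carrying a Condition are flagged for review instead of being evaluated.

```typescript
type OneOrMany = string | string[];
interface Statement {
  Effect: string;
  Principal?: string | { Service?: OneOrMany; AWS?: OneOrMany };
  Action?: OneOrMany;
  Condition?: object;
}
interface TrustPolicy { Statement: Statement | Statement[] }
type Verdict = "allowed" | "conditional" | "denied" | "missing";

const toList = (v?: OneOrMany): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// IAM action patterns are case-insensitive and may use * and ? wildcards.
function actionMatches(pattern: string, action: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const re = escaped.replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$", "i").test(action);
}

// True when the statement names the service principal and covers sts:AssumeRole.
function applies(s: Statement, service: string): boolean {
  const p = s.Principal;
  const services = typeof p === "object" ? toList(p.Service) : [];
  return services.indexOf(service) !== -1 &&
    toList(s.Action).some((a) => actionMatches(a, "sts:AssumeRole"));
}

// Simplification (assumption): a statement with a Condition is reported as
// "conditional" for manual review instead of evaluating its condition keys.
function lambdaTrustVerdict(policy: TrustPolicy, service = "lambda.amazonaws.com"): Verdict {
  const stmts = Array.isArray(policy.Statement) ? policy.Statement : [policy.Statement];
  const hits = stmts.filter((s) => applies(s, service));
  const has = (effect: string, conditional: boolean): boolean =>
    hits.some((s) => s.Effect === effect && (s.Condition !== undefined) === conditional);
  if (has("Deny", false)) return "denied";
  if (has("Deny", true)) return "conditional";
  if (has("Allow", false)) return "allowed";
  if (has("Allow", true)) return "conditional";
  return "missing"; // the situation behind "cannot be assumed by Lambda"
}

// Constructed sample: a role whose trust policy only names EC2.
const EC2_ONLY: TrustPolicy = { Statement: [
  { Effect: "Allow", Principal: { Service: "ec2.amazonaws.com" }, Action: "sts:AssumeRole" },
] };
// The trust policy quoted in the answer above.
const LAMBDA_TRUST: TrustPolicy = { Statement: [
  { Effect: "Allow", Principal: { Service: "lambda.amazonaws.com" }, Action: "sts:AssumeRole" },
] };
```

The input is the role's trust policy JSON, for example the `AssumeRolePolicyDocument` field returned by `aws iam get-role`. A verdict of "missing" for an existing role means the trust policy has to be changed on the role itself.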