如何使用CDK向Lambda函数添加权限?

2024-05-14 15:21:42 发布

您现在位置:Python中文网/ 问答频道 /正文
891 3

我有一个Lambda函数,它利用AWS Python SDK来管理AWS CodeCommit存储库。我使用CDK创建Lambda函数,如下所示:

from aws_cdk import aws_lambda as _lambda
from aws_cdk.aws_lambda_python import PythonFunction

service = PythonFunction(
    self, 'Svc',
    entry='./path/to',
    index='file.py',
    runtime=_lambda.Runtime.PYTHON_3_8,
    handler='handler',
)

部署后,我运行Lambda函数,出现以下错误并发送到CloudWatch日志:

An error occurred (AccessDeniedException) when calling the GetRepository operation: User: arn:aws:iam::XXXXXXXXXXXX:user/XXXX is not authorized to perform: codecommit:GetRepository on resource: arn:aws:codecommit:us-east-1:XXXXXXXXXXXX:XXXX

如何允许Lambda函数在我的帐户中的任何存储库上调用codecommit:GetRepository


Tags: tolambda函数fromimportawsarnhandler
1条回答
网友
1楼 · 发布于 2024-05-14 15:21:42

创建IAM策略语句并将其添加到职能部门的角色策略:

from aws_cdk import aws_iam as iam

service.add_to_role_policy(iam.PolicyStatement(
    effect=iam.Effect.ALLOW,
    actions=[
        'codecommit:*',
    ],
    resources=[
        'arn:aws:codecommit:us-east-1:XXXXXXXXXXXX:*',
    ],
))

相关问题 更多 >

    编程相关推荐

    热门问题