CloudFormation: Invalid permissions on Lambda function

I am trying to create an API Gateway as a Lambda proxy with CloudFormation. There seems to be a problem getting the right permissions on the Lambda function; even though I have looked at this from every angle and seem to have tried everything possible, I am getting nowhere. The documentation seems to be missing some important small details (or am I just misreading it?).

Here is what I have:
{
  "Description": "",
  "Parameters": {
    "IngressLambdaName": {
      "Type": "String",
      "Description": "Name of the lambda behind Api Gateway",
      "Default": "LambdaIngress"
    }
  },
  "Mappings": {
  },
  "Resources": {
    "ApiGatewayToLambdaRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{
            "Effect": "Allow",
            "Principal": {
              "Service": ["apigateway.amazonaws.com"]
            },
            "Action": "sts:AssumeRole"
          }]
        },
        "Policies": [{
          "PolicyName": "ApiGatewayToLambdaPolicy",
          "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
              "Effect": "Allow",
              "Action": [
                "lambda:InvokeFunction"
              ],
              "Resource": "*"
            }]
          }
        }]
      }
    },
    "IngressLambda": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Handler": "index.handler",
        "FunctionName": { "Ref": "IngressLambdaName" },
        "Runtime": "nodejs4.3",
        "Role": { "Fn::GetAtt": ["**Role that isn't shown here**", "Arn"] },
        "Code": {
          "ZipFile": { "Fn::Join": ["", [
            "exports.handler = function(event, context) {",
            "  console.log('invoked the lambda!');",
            "  context.succeed({statusCode: 200, headers: {}, body: JSON.stringify({message: 'invoked the lambda!'})});",
            "};"
          ]]}
        }
      }
    },
    "IngressLambdaPermission": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": { "Ref": "IngressLambdaName" },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": { "Fn::Sub": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${RestApi}/*/POST/*" }
      },
      "DependsOn": ["IngressLambda"]
    },
    "RestApi": {
      "Type": "AWS::ApiGateway::RestApi",
      "Properties": {
        "Name": "API Gateway"
      }
    },
    "TagModel": {
      "Type": "AWS::ApiGateway::Model",
      "Properties": {
        "ContentType": "application/json",
        "Name": "Tag",
        "RestApiId": { "Ref": "RestApi" },
        "Schema": {
          "$schema": "http://json-schema.org/draft-04/schema#",
          "title": "TagModel",
          "type": "object",
          "properties": {
            "payload": { "type": "object" },
            "domain": { "type": "string" }
          }
        }
      }
    },
    "TagsResource": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "RestApiId": { "Ref": "RestApi" },
        "ParentId": { "Fn::GetAtt": ["RestApi", "RootResourceId"] },
        "PathPart": "tag"
      }
    },
    "TagsPost": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "ApiKeyRequired": "False",
        "AuthorizationType": "NONE",
        "HttpMethod": "POST",
        "RestApiId": { "Ref": "RestApi" },
        "ResourceId": { "Fn::GetAtt": ["RestApi", "RootResourceId"] },
        "Integration": {
          "Type": "AWS_PROXY",
          "IntegrationHttpMethod": "POST",
          "PassthroughBehavior": "NEVER",
          "Uri": { "Fn::Join": ["", ["arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/", { "Fn::GetAtt": ["IngressLambda", "Arn"] }, "/invocations"]] }
        }
      }
    },
    "RestApiDeployment": {
      "Type": "AWS::ApiGateway::Deployment",
      "Properties": {
        "RestApiId": { "Ref": "RestApi" },
        "StageName": "v1"
      },
      "DependsOn": ["RestApi", "TagModel", "TagsResource", "TagsPost"]
    }
  },
  "Outputs": {
  }
}
When I run the test in the API Gateway console of the AWS portal, I get the error: Execution failed due to configuration error: Invalid permissions on Lambda function

This is driving me crazy. Any direction here would be great. I am guessing my permissions are wrong somehow, but I do not know how (this is where I am fighting with the documentation).
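An offline way to reason about what the AWS::Lambda::Permission in the template above actually grants. This is an added example, not code from the question or from the answerer: it models the resource-policy statement that CloudFormation writes onto the function (Principal apigateway.amazonaws.com, Condition ArnLike on AWS:SourceArn) and the source ARN API Gateway presents on invocation, arn:aws:execute-api:<region>:<account>:<api-id>/<stage>/<METHOD>/<resource-path>, and evaluates the ArnLike wildcard match the same way IAM does ('*' matches zero or more characters, '?' exactly one). The account id, REST API id, the second API id and the stage name test-invoke-stage are constructed sample values (test-invoke-stage is assumed here to be the stage the console's Test feature uses); the function and variable names are mine. The example goes beyond the single pattern in the template and also evaluates a tighter SourceArn scoped to one stage and one path, so you can see which invocations each pattern admits before deploying.

```python
"""Offline evaluation of the Lambda resource policy produced by an AWS::Lambda::Permission.

Added example; not from the question or the answer. All ids below are constructed samples.
"""
import re

REGION = "us-west-2"
ACCOUNT = "123456789012"       # constructed sample account id
API_ID = "a1b2c3d4e5"          # placeholder for the RestApi id that ${RestApi} resolves to
OTHER_API_ID = "zzzzzzzzzz"    # constructed id of some other API in the same account
FUNCTION_ARN = f"arn:aws:lambda:{REGION}:{ACCOUNT}:function:LambdaIngress"


def arn_pattern_matches(pattern: str, arn: str) -> bool:
    """ArnLike semantics: '*' matches any run of characters (including none),
    '?' matches exactly one character, everything else is literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, arn) is not None


def execute_api_arn(api_id: str, stage: str, method: str, path: str,
                    region: str = REGION, account: str = ACCOUNT) -> str:
    """Source ARN API Gateway presents to Lambda for one invocation."""
    return f"arn:aws:execute-api:{region}:{account}:{api_id}/{stage}/{method}/{path.lstrip('/')}"


def permission_statement(source_arn_pattern: str, function_arn: str = FUNCTION_ARN) -> dict:
    """Statement CloudFormation adds to the function policy for an
    AWS::Lambda::Permission with Principal apigateway.amazonaws.com and a SourceArn."""
    return {
        "Effect": "Allow",
        "Principal": {"Service": "apigateway.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": function_arn,
        "Condition": {"ArnLike": {"AWS:SourceArn": source_arn_pattern}},
    }


def invocation_allowed(policy: dict, source_arn: str, function_arn: str = FUNCTION_ARN) -> bool:
    """True if some Allow statement lets API Gateway invoke the function from source_arn.
    Only the Allow path is modelled; explicit Deny statements are not considered here."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(arn_pattern_matches(a, "lambda:InvokeFunction") for a in actions):
            continue
        if stmt.get("Principal", {}).get("Service") != "apigateway.amazonaws.com":
            continue
        if not arn_pattern_matches(stmt.get("Resource", "*"), function_arn):
            continue
        cond = stmt.get("Condition", {}).get("ArnLike", {}).get("AWS:SourceArn")
        patterns = [cond] if isinstance(cond, str) else (cond or [])
        # No SourceArn condition at all would let any API in any account invoke the function.
        if not patterns or any(arn_pattern_matches(p, source_arn) for p in patterns):
            return True
    return False


# Pattern exactly as in the question's template: any stage, POST, any resource path.
TEMPLATE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [permission_statement(f"arn:aws:execute-api:{REGION}:{ACCOUNT}:{API_ID}/*/POST/*")],
}
# Tighter, least-privilege variant: one stage and one resource path only.
STRICT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [permission_statement(f"arn:aws:execute-api:{REGION}:{ACCOUNT}:{API_ID}/v1/POST/tag")],
}


def check_cases() -> dict:
    """Evaluate a set of invocations against both policies: (template_allows, strict_allows)."""
    cases = {
        "post_tag_v1": execute_api_arn(API_ID, "v1", "POST", "/tag"),
        "post_root_v1": execute_api_arn(API_ID, "v1", "POST", "/"),   # method on the root resource
        "get_tag_v1": execute_api_arn(API_ID, "v1", "GET", "/tag"),
        "post_tag_other_api": execute_api_arn(OTHER_API_ID, "v1", "POST", "/tag"),
        "post_tag_console_test": execute_api_arn(API_ID, "test-invoke-stage", "POST", "/tag"),
    }
    return {name: (invocation_allowed(TEMPLATE_POLICY, arn), invocation_allowed(STRICT_POLICY, arn))
            for name, arn in cases.items()}


if __name__ == "__main__":
    for name, (template_ok, strict_ok) in check_cases().items():
        print(f"{name:24s} template: {template_ok!s:5s} strict: {strict_ok!s:5s}")
```

Two things the run makes visible: the template's `*/POST/*` pattern admits a POST from any stage of that one API, including one against the root resource (the trailing `*` matches an empty path), but never a GET and never another API id; the stricter pattern refuses everything except `v1` and `/tag`, which is the right shape for production but also rejects invocations from a stage name other than `v1`, so a tightened SourceArn must be kept in step with the stage and path actually deployed.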
I have provided an answer with a complete working template that should solve the problem you describe. If your question is still unanswered, please add more details (for example a [minimal, complete, and verifiable example](http://stackoverflow.com/help/mcve) containing the exact source of the current template attempt that is still giving you problems). – wjordan