Resource handler returned message: "The role defined for the function cannot be assumed by Lambda"

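Problem description

This is my Lambda ctf. When I deploy it to CloudFormation I get this error. I googled it but did not find an answer that solves my problem. Can anyone help me solve this?

Resource handler returned message: "The role defined for the function cannot be assumed by Lambda. (Service: Lambda, Status Code: 400, Request ID: b1484f34-b9b3-4000-af95-5a483649fb40, Extended Request ID: null)" (RequestToken: 9da1e852-6e03-80c5-e72c-cb978a6bce0f, HandlerErrorCode: InvalidRequest)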

  ConfigurationLambdaRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: 'configuration-sqs-lambda1'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - events.amazonaws.com
                - s3.amazonaws.com
            Action:
              - sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSQSFullAccess
        - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess

  ConfigurationLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Description: 'configuration service with lambda'
      FunctionName: 'configuration-lambda1'
      Handler: lambda.handler.EventHandler::handleRequest
      Runtime: java8
      MemorySize: 128
      Timeout: 120
      Code:
        S3Bucket: configurationlambda
        S3Key: lambda-service-1.0.0-SNAPSHOT.jar
      Role: !GetAtt ConfigurationLambdaRole.Arn

  ConfigurationLambdaInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName:
        Fn::GetAtt:
          - ConfigurationLambdaFunction
          - Arn
      Action: 'lambda:InvokeFunction'
      Principal: "sqs.amazonaws.com"
      SourceArn: 'arn:aws:s3:::configurationlambda'

Tags: amazon-web-services, aws-lambda, amazon-cloudformation

Solution


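Your role does not allow the Lambda service to assume it. Pretty much what it says on the tin.

A simple explanation is that the Lambda service assumes the IAM role in your function's execution environment, and that environment will have the necessary permissions and access keys when it executes the function code. More details: https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html

So the handler role's AssumeRolePolicyDocument should have a similar layout: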

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
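
A pre-deployment check for the mismatch described in this answer, as an added example that is not part of the original answer: it walks a template in CloudFormation's JSON form (held as a Python dict) and reports every AWS::Lambda::Function whose in-template role does not let lambda.amazonaws.com call sts:AssumeRole. The function names and the sample template (constructed from the question's resources) are assumptions of this example, and Condition blocks in the trust policy are not evaluated.

```python
LAMBDA_PRINCIPAL = "lambda.amazonaws.com"
def _as_list(value):
    return value if isinstance(value, list) else [value]

def trusts_lambda(trust_policy):
    """True if an Allow statement lets lambda.amazonaws.com call sts:AssumeRole."""
    for stmt in _as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        allows_assume = any(a in ("sts:assumerole", "sts:*", "*") for a in actions)
        if stmt.get("Effect") == "Allow" and LAMBDA_PRINCIPAL in services and allows_assume:
            return True
    return False

def role_logical_id(role_ref):
    """Logical id behind {'Fn::GetAtt': ['Role', 'Arn']} or 'Role.Arn'; None for anything else."""
    if isinstance(role_ref, dict) and "Fn::GetAtt" in role_ref:
        target = role_ref["Fn::GetAtt"]
        return target.split(".")[0] if isinstance(target, str) else target[0]
    return None

def find_unassumable_roles(template):
    """Return (function, role) logical-id pairs whose in-template role Lambda cannot assume."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::Lambda::Function":
            continue
        role_id = role_logical_id(res.get("Properties", {}).get("Role"))
        role = resources.get(role_id, {})
        if role.get("Type") != "AWS::IAM::Role":
            continue  # role ARN comes from outside the template: not checkable statically
        trust = role.get("Properties", {}).get("AssumeRolePolicyDocument", {})
        if not trusts_lambda(trust):
            findings.append((name, role_id))
    return findings

# Constructed sample: the question's role and function in CloudFormation's JSON form, trimmed.
QUESTION_TEMPLATE = {"Resources": {
    "ConfigurationLambdaRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": ["events.amazonaws.com", "s3.amazonaws.com"]},
            "Action": ["sts:AssumeRole"]}]}}},
    "ConfigurationLambdaFunction": {"Type": "AWS::Lambda::Function", "Properties": {
        "Role": {"Fn::GetAtt": ["ConfigurationLambdaRole", "Arn"]}}},
}}
print(find_unassumable_roles(QUESTION_TEMPLATE))
```

Run against the question's template, the check flags ConfigurationLambdaFunction because its role trusts only events.amazonaws.com and s3.amazonaws.com.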
