0
我正在嘗試使用BOTO3創建調用lambda函數的Api網關方法。到目前爲止,我一直無法找到如何授予必要的權限。授予AWS Api網關權限使用BOTO3調用Lambda函數
奇怪的是,通過AWS控制檯手動設置lambda方法名稱會自動設置權限。我一直無法在代碼中複製它。
這是我使用的設置網關的代碼:用適當的許可外被設置爲網關調用拉姆達
# Create a rest api
self.rest_api = self.apigateway.create_rest_api(
name='AWS_CMS_Operations'
)
# Get the rest api's root id
root_id = self.apigateway.get_resources(
restApiId=self.rest_api['id']
)['items'][0]['id']
# Create an api resource
api_resource = self.apigateway.create_resource(
restApiId=self.rest_api['id'],
parentId=root_id,
pathPart='AWS_CMS_Manager'
)
# Add a post method to the rest api resource
api_method = self.apigateway.put_method(
restApiId=self.rest_api['id'],
resourceId=api_resource['id'],
httpMethod='POST',
authorizationType='NONE'
)
# Add an integration method to the api resource
self.apigateway.put_integration(
restApiId=self.rest_api['id'],
resourceId=api_resource['id'],
httpMethod='POST',
type='AWS',
integrationHttpMethod='POST',
uri=self.create_api_invocation_uri()
)
# Set the put method response for the api resource
self.apigateway.put_method_response(
restApiId=self.rest_api['id'],
resourceId=api_resource['id'],
httpMethod='POST',
statusCode='200',
responseModels={
'application/json': 'Empty'
}
)
# Set the put integration response for the api resource
self.apigateway.put_integration_response(
restApiId=self.rest_api['id'],
resourceId=api_resource['id'],
httpMethod='POST',
statusCode='200',
responseTemplates={
'application/json': ''
}
)
# Create a deployment of the rest api
self.apigateway.create_deployment(
restApiId=self.rest_api['id'],
stageName='prod'
)
# Give the api deployment permission to trigger the lambda function
self.lmda.add_permission(
FunctionName=self.lmda_function['FunctionName'],
StatementId='apigateway-production-aws-cms',
Action='lambda:InvokeFunction',
Principal='apigateway.amazonaws.com',
SourceArn=self.create_api_permission_uri(api_resource)
)
,一切工作正常。
這存在於我的問題的代碼中。 api網關仍然被拒絕訪問。 –
我的不好,沒有看到。你也可以提供self.create_api_permission_uri(api_resource)的來源 –
解決了這個問題。它與我正在產生的ARN有關。需要一個通配符。 –