AWS API Gateway Lambda 授权者是否可以授予资源来访问 S3
我有一个AWS API Gateway Lambda Authorizer,它根据用户权限构建策略。目前,它允许该特定用户执行 GET /users 端点:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"execute-api:Invoke"
],
"Resource": "arn:aws:execute-api:{region}:{aws-id}:{api-id}/*/GET/users",
"Effect": "Allow"
}
]
}
我还希望执行的 lambda 函数能够在我的 s3 存储桶上执行 GetObject 操作,任何想法为什么以下不起作用:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"execute-api:Invoke"
],
"Resource": "arn:aws:execute-api:{region}:{aws-id}:{api-id}/*/GET/users",
"Effect": "Allow"
},
{
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::{bucket-name}/*"
],
"Effect": "Allow"
}
]
}
这里的关键这些权限是特定于用户的,因此我希望根据用户权限为每个端点构建权限。
I have an AWS API Gateway Lambda Authorizer that constructs a policy based on the users permissions. Currently it allows this particular user to execute the GET /users endpoint:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"execute-api:Invoke"
],
"Resource": "arn:aws:execute-api:{region}:{aws-id}:{api-id}/*/GET/users",
"Effect": "Allow"
}
]
}
I would also like the lambda function which is executed to be able to perform a GetObject action on my s3 bucket, any ideas why the following doesn't work:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"execute-api:Invoke"
],
"Resource": "arn:aws:execute-api:{region}:{aws-id}:{api-id}/*/GET/users",
"Effect": "Allow"
},
{
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::{bucket-name}/*"
],
"Effect": "Allow"
}
]
}
The key here is that these permissions are user-specific and so i was hoping to construct the permission for each endpoint as per the users permissions.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论