DescribeEndpoint from inside a lambda

0

I am setting up a CF stack using the CDK. I am planning on having API gateway host a Lambda function to return the IoT Core mqtt endpoint for my remote IoT clients.

Is there a way within the SDK to call DescribeEndpoint from inside the lambda, or do I have to fetch() it from the URL? I'm not quite sure how I would go about calling that, since it needs account permissions.

Inside my Lambda, I'm trying this:

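import { IoTClient, DescribeEndpointCommand } from "@aws-sdk/client-iot";
import type { APIGatewayProxyEventV2, APIGatewayProxyResultV2 } from "aws-lambda";

export async function getMqttEndpoint(request: APIGatewayProxyEventV2): Promise<APIGatewayProxyResultV2> {
    // Credentials and region come from the Lambda execution role and environment.
    const client = new IoTClient({});

    const command = new DescribeEndpointCommand({
        endpointType: "iot:Data"
    });

    return client.send(command)
        .then((response) => {
            return {
                body: response.endpointAddress
            }
        });
}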
1 Answer
0
Accepted Answer

OK, I figured it out. I just didn't have the right permissions granted to the lambda.

In case anybody ever needs this in the future, here's how I did this in CDK:

        const extraPolicyStatements = new iam.Policy(this, 'describe-endpoint-policy', {
            statements: [
                new iam.PolicyStatement({
                    // iot:DescribeEndpoint has no resource-level permissions, so "*" is required here
                    actions: ["iot:DescribeEndpoint"],
                    resources: ["*"]
                }),
                new iam.PolicyStatement({
                    actions: ["logs:CreateLogGroup"],
                    resources: [`arn:aws:logs:${this.env.region}:${this.env.account}:*`]
                }),
                new iam.PolicyStatement({
                    actions: [
                        "logs:CreateLogStream",
                        "logs:PutLogEvents"
                    ],
                    resources: [`arn:aws:logs:${this.env.region}:${this.env.account}:log-group:/aws/lambda/*:*`]
                })
            ]
        });

        const role = new iam.Role(this,
            "abcdEndpointExecRole", {
                roleName: "abcdEndpointExecRole",
                assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
                inlinePolicies: {
                    "describe": extraPolicyStatements.document
                }
            });

Then gave that to the Lambda as its role. Not sure that's the best way or not but it is readable and it works.

wz2b
answered 2 years ago
  • Are you making sure that CF will not do any caching?
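
The execution-role policy from the accepted answer can be reviewed for least privilege before it is deployed. The following is an added example, not code from the original post or from AWS: a small lint over the policy's statements that accepts `"*"` only for actions without resource-level permissions and checks that log-stream permissions are limited to one function's log group. The region, account ID, the Lambda function name `getMqttEndpoint` and the contents of the allow-list are assumptions.

```typescript
// Added example: lint the statements of a Lambda execution-role policy.
type Statement = { Effect: "Allow" | "Deny"; Action: string | string[]; Resource: string | string[] };
type Finding = { action: string; resource: string; reason: string };

// Assumption: reviewer-maintained allow-list of actions that have no
// resource-level permissions, so "*" is the only valid resource for them.
const NO_RESOURCE_LEVEL = new Set(["iot:DescribeEndpoint"]);

const asArray = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

function reviewPolicy(statements: Statement[], functionName: string): Finding[] {
  const ownLogGroup = `:log-group:/aws/lambda/${functionName}:`;
  const findings: Finding[] = [];
  for (const s of statements) {
    if (s.Effect !== "Allow") continue;
    for (const action of asArray(s.Action)) {
      for (const resource of asArray(s.Resource)) {
        if (action.includes("*")) {
          findings.push({ action, resource, reason: "wildcard action" });
        } else if (resource === "*") {
          if (!NO_RESOURCE_LEVEL.has(action))
            findings.push({ action, resource, reason: "wildcard resource on a scopable action" });
        } else if (action !== "logs:CreateLogGroup" && action.startsWith("logs:")
                   && !resource.includes(ownLogGroup)) {
          findings.push({ action, resource, reason: "not limited to this function's log group" });
        }
      }
    }
  }
  return findings;
}

// Constructed sample: the answer's statements with a placeholder region and account.
const logsArn = "arn:aws:logs:us-east-1:111122223333";
const postedPolicy: Statement[] = [
  { Effect: "Allow", Action: "iot:DescribeEndpoint", Resource: "*" },
  { Effect: "Allow", Action: "logs:CreateLogGroup", Resource: `${logsArn}:*` },
  { Effect: "Allow", Action: ["logs:CreateLogStream", "logs:PutLogEvents"],
    Resource: `${logsArn}:log-group:/aws/lambda/*:*` },
];
// Same policy with the log statement limited to one (hypothetical) function name.
const scopedPolicy: Statement[] = postedPolicy.map((s) =>
  Array.isArray(s.Action) ? { ...s, Resource: `${logsArn}:log-group:/aws/lambda/getMqttEndpoint:*` } : s);

console.log(reviewPolicy(postedPolicy, "getMqttEndpoint"));
console.log(reviewPolicy(scopedPolicy, "getMqttEndpoint"));
```

On the posted statements the lint reports the two log-stream actions, because `/aws/lambda/*` matches every function's log group in the account; the scoped variant produces no findings.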
