Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

using lambda as the identity broker to access AWS Console

0

Hi, I create an identity broker to access AWS Console by following the 'Example code using Python' in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html. It works on my desktop. I can run the python code and generate valid AWS Console URL with assume role. However, when I migrate the code into lambda by assuming the same role, I failed at requests.get(request_url) with 400 error. In my code, lambda has assumed the role successfully. Why the assumed role can generate AWS Console url in my desktop but failed in lambda?

Temas
Sin servidorCálculoSeguridad, identidad y cumplimiento
Etiquetas
AWS LambdaAWS Identity and Access Management
Idioma
English
AWS
Huiqing Ni
preguntada hace 2 años290 visualizaciones
1 Respuesta
0

What role and policies does your deployed Lambda function have? If it doesn't have permission to assume the role, then I think you will get the error you described.

Usually your development user/role will have more permissions than a deployed Lambda function, but it depends on the deployed function role.

profile picture
rowanu
respondido hace 2 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante