1 Answer
The Lambda Policy has a resource policy that allows it to be accessed by the Cognito user pool in the form of:
```json
{
  "Version": "2012-10-17",
  "Id": "default",
  "Statement": [
    {
      "Sid": "<Some SID>",
      "Effect": "Allow",
      "Principal": {
        "Service": "cognito-idp.amazonaws.com"
      },
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:<region>:<AWS Account>:function:<Lambda function name>",
      "Condition": {
        "ArnLike": {
          "AWS:SourceArn": "arn:aws:cognito-idp:<region>:<AWS Account>:userpool/<User Pool ID>"
        }
      }
    }
  ]
}
```
But the Lambda function still executes as lambda.amazonaws.com and must be authorized as such through the Lambda Execution Role associated with the Lambda function.
answered a year ago
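The split described in this answer, as an added example that is not part of the original answer and is not AWS code: an offline check that evaluates the invocation side (the function's resource policy) and the execution side (the execution role's trust policy) separately. The account ID, pool ID, function name and helper names are constructed for illustration, and the `ArnLike` matching is a simplification.

```python
# Added example; every ARN and account ID below is a constructed placeholder.
from fnmatch import fnmatchcase

def _listify(value):
    return value if isinstance(value, list) else [value]

def _services(statement):
    principal = statement.get("Principal", {})
    return _listify(principal.get("Service", [])) if isinstance(principal, dict) else []

def _source_arn_patterns(statement):
    """aws:SourceArn patterns under ArnLike/ArnEquals (names compared case-insensitively)."""
    patterns = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower() in ("arnlike", "arnequals"):
            patterns += [p for k, v in keys.items()
                         if k.lower() == "aws:sourcearn" for p in _listify(v)]
    return patterns

def can_invoke(resource_policy, service, source_arn):
    """Invocation side: may `service`, acting for `source_arn`, invoke the function?
    Returns (allowed, scoped); scoped=False means no SourceArn condition limits the grant."""
    for st in resource_policy.get("Statement", []):
        if st.get("Effect") != "Allow" or service not in _services(st):
            continue
        if "lambda:InvokeFunction" not in _listify(st.get("Action", [])):
            continue
        patterns = _source_arn_patterns(st)
        if not patterns:
            return True, False  # any resource of that service could trigger the function
        # fnmatch approximates ArnLike wildcard matching for this demo
        if any(fnmatchcase(source_arn, p) for p in patterns):
            return True, True
    return False, False

def execution_role_trusts_lambda(trust_policy):
    """Execution side: can lambda.amazonaws.com assume the execution role?"""
    return any(st.get("Effect") == "Allow" and "lambda.amazonaws.com" in _services(st)
               and "sts:AssumeRole" in _listify(st.get("Action", []))
               for st in trust_policy.get("Statement", []))

POOL = "arn:aws:cognito-idp:eu-west-1:111122223333:userpool/eu-west-1_EXAMPLE"
RESOURCE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowCognitoTrigger", "Effect": "Allow",
    "Principal": {"Service": "cognito-idp.amazonaws.com"},
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:eu-west-1:111122223333:function:example-trigger",
    "Condition": {"ArnLike": {"AWS:SourceArn": POOL}}}]}
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}
```

A result of `(True, False)` from `can_invoke` marks a statement that grants the service principal invoke rights without tying them to one user pool.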
Ahhhh that's much clearer now. The lambda still runs as lambda.amazonaws.com but you have to give cognito-idp.amazonaws.com permission to invoke it. Thanks very much for explaining!