The Lambda Policy has a resource policy that allows it to be accessed by the Cognito user pool in the form of:

    {
      "Version": "2012-10-17",
      "Id": "default",
      "Statement": [
        {
          "Sid": "<Some SID>",
          "Effect": "Allow",
          "Principal": {
            "Service": "cognito-idp.amazonaws.com"
          },
          "Action": "lambda:InvokeFunction",
          "Resource": "arn:aws:lambda:<region>:<AWS Account>:function:<Lambda function name>",
          "Condition": {
            "ArnLike": {
              "AWS:SourceArn": "arn:aws:cognito-idp:<region>:<AWS Account>:userpool/<User Pool ID>"
            }
          }
        }
      ]
    }

But the Lambda function still executes as lambda.amazonaws.com and must be authorized as such through the Lambda Execution Role associated with the Lambda function.
Answered 1 year ago
Ahhhh that's much clearer now. The lambda still runs as lambda.amazonaws.com but you have to give cognito-idp.amazonaws.com permission to invoke it. Thanks very much for explaining!
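A small checker for the kind of resource policy shown in the answer, as an added example that is not part of the original post or AWS's own code: it flags a Cognito invoke statement whose Resource is not a Lambda function ARN, or whose aws:SourceArn condition is missing or is not exactly the expected user pool. The account ID, pool ID, function name and all helper names are constructed for illustration.

```python
import re

LAMBDA_ARN = re.compile(r"^arn:aws[\w-]*:lambda:[a-z0-9-]+:\d{12}:function:[\w-]+(:[\w$-]+)?$")
COGNITO = "cognito-idp.amazonaws.com"
# Constructed sample values, not from the original post.
POOL = "arn:aws:cognito-idp:us-east-1:111122223333:userpool/us-east-1_EXAMPLE"
FUNC = "arn:aws:lambda:us-east-1:111122223333:function:pre-signup"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def source_arns(statement):
    """Collect aws:SourceArn values; condition key names are case-insensitive."""
    found = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower() in ("arnlike", "arnequals"):
            found += [v for k, val in keys.items() if k.lower() == "aws:sourcearn"
                      for v in _as_list(val)]
    return found


def audit(policy, expected_pool_arn):
    """Return findings for statements that let Cognito invoke the function."""
    findings = []
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if st.get("Effect") != "Allow" or COGNITO not in services:
            continue
        sid = st.get("Sid", "<no Sid>")
        if not LAMBDA_ARN.match(str(st.get("Resource", ""))):
            findings.append(f"{sid}: Resource is not a Lambda function ARN")
        arns = source_arns(st)
        if not arns:
            findings.append(f"{sid}: no aws:SourceArn condition, not scoped to one user pool")
        elif any(a != expected_pool_arn for a in arns):
            findings.append(f"{sid}: SourceArn is not exactly the expected user pool")
    return findings


def sample_policy(resource=FUNC, condition=None):
    # Constructed one-statement policy shaped like the one in the answer.
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "cognito-trigger", "Effect": "Allow", "Principal": {"Service": COGNITO},
        "Action": "lambda:InvokeFunction", "Resource": resource,
        "Condition": condition or {}}]}
```

This only covers who may invoke the function; what the function itself may do is governed by its execution role, which is a separate IAM role and does not appear in this document.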