2개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Hello.
Are you accessing the Lambda URL directly?
Are you accessing the CloudFront URL (https://example.cloudfront.net/) instead of the Lambda URL?
Also, is the CloudFront distribution ID set in the Lambda resource-based policy correct?
0
Ok, I found what I missed ! The Policy was good BUT the function URL Auth type must be set to "AWS_IAM" ! This part was not described in the AWS documentation. Thanks for your help @Riku_Kobayashi
Here is my policy that works :
{
"Version": "2012-10-17",
"Id": "default",
"Statement": [
{
"Sid": "AllowCloudFrontServicePrincipal",
"Effect": "Allow",
"Principal": {
"Service": "cloudfront.amazonaws.com"
},
"Action": "lambda:InvokeFunctionUrl",
"Resource": "arn:aws:lambda:region:accountid:function:myFunction",
"Condition": {
"ArnLike": {
"AWS:SourceArn": "arn:aws:cloudfront::accountid:distribution/distribID"
}
}
}
]
}
```
답변함 한 달 전
@willysup - I am having similar issues however it only doesn't work when I send a POST with body data to CF to send to the lambda. If you POST with body data does it succesfully send to your lambda?
관련 콘텐츠
AWS 공식업데이트됨 2년 전
I can't access the URL, directly or using the distribution url. Always the same error : {"Message":"Forbidden"} On the lambda ressource-based policy, il I add the default public policy, the url is accessible (directly or using cloudfront url).
By the way, is the authentication method for the Lambda function URL set to IAM authentication?
If the authentication method is IAM, you can access it from CloudFront if the following resource-based policy is set for Lambda.
If the authentication method was "NONE", access was not possible without the following resource-based policy.
No it is not, as the documentation does not ask to configure it. This is the configuration described in the doc :
But I tried to set it, but it doesn't seemed to work either. This is my current Lambda Policy (without IAM autnentication):
I tried this one but it doesn't work either: