1 Resposta
- Mais recentes
- Mais votos
- Mais comentários
0
ok I figured it out. I just didn't have the right permissions granted to the lambda.
In case anybody ever needs this in the future, here's how I did this in CDK:
const extraPolicyStatements = new iam.Policy(this, 'describe-endpoint-policy', {
statements: [
new iam.PolicyStatement({
actions: ["iot:DescribeEndpoint"],
resources: ["*"]
}),
new iam.PolicyStatement({
actions: ["logs:CreateLogGroup"],
resources: [`arn:aws:logs:${this.env.region}:${this.env.account}:*`]
}),
new iam.PolicyStatement({
actions: [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
resources: [`arn:aws:logs:${this.env.region}:${this.env.account}:log-group:/aws/lambda/*:*`]
})
]
});
const role = new iam.Role(this,
"abcdEndpointExecRole", {
roleName: "abcdEndpointExecRole",
assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
inlinePolicies: {
"describe": extraPolicyStatements.document
}
});
then gave that to the Lambda as its role. Not sure that's the best way or not but it is readable and it wroks.
respondido há 2 anos
Conteúdo relevante
- AWS OFICIALAtualizada há 3 anos
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há um ano
Are you making sure that CF will not do any caching?