By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

你如何授予iot:DescribeEndpoint权限给lambda ?

0

【以下的问题经过翻译处理】 如何将一个操作添加到默认的Lambda角色中?

        const p = new iam.ServicePrincipal('lambda.amazonaws.com');
        const role = new iam.Role(this, "someExecRoleID", {
                roleName: "someExecRole",
                assumedBy: p
            });
        role.grant(p, "iot:DescribeEndpoint");

        const serviceLambda = new nodejs.NodejsFunction(this, "WashnetEndpoints", {
                /* stuff deleted */
                handler: "getMqttEndpoint",
                role: role,
            }
        );

下面的错误,是因为我使用了lambda.amazonaws.com的service principal吗?

"AccessDeniedException: User: arn:aws:sts::312345678:assumed-role/blah is not authorized to perform: iot:DescribeEndpoint because no identity-based policy allows the iot:DescribeEndpoint action",
Topics
Internet of Things (IoT)ServerlessComputeSecurity, Identity, & Compliance
Tags
AWS IoT CoreAWS LambdaIAM Policies
Language
中文 (简体)
profile picture
EXPERT
rePost Polyglot
asked 6 months ago3 views
1 Answer
0

【以下的回答经过翻译处理】 找到了文档(这通常是最困难的部分!)...似乎需要在resource部分配置“*”

profile picture
EXPERT
rePost Polyglot
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content