1 Answer
1
OK, I figured it out. I just didn't have the right permissions granted to the Lambda.
In case anybody ever needs this in the future, here's how I did this in CDK:
```typescript
// Permissions the Lambda needs: the IoT endpoint lookup plus CloudWatch Logs access.
const extraPolicyStatements = new iam.Policy(this, 'describe-endpoint-policy', {
  statements: [
    new iam.PolicyStatement({
      actions: ["iot:DescribeEndpoint"],
      resources: ["*"]
    }),
    new iam.PolicyStatement({
      actions: ["logs:CreateLogGroup"],
      resources: [`arn:aws:logs:${this.env.region}:${this.env.account}:*`]
    }),
    new iam.PolicyStatement({
      actions: [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      resources: [`arn:aws:logs:${this.env.region}:${this.env.account}:log-group:/aws/lambda/*:*`]
    })
  ]
});

// Execution role assumable by the Lambda service, carrying the statements above inline.
const role = new iam.Role(this, "abcdEndpointExecRole", {
  roleName: "abcdEndpointExecRole",
  assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
  inlinePolicies: {
    "describe": extraPolicyStatements.document
  }
});
```
Then I gave that to the Lambda as its role. Not sure if that's the best way or not, but it is readable and it works.
answered 2 years ago
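An added example, not part of the original answer and not AWS or CDK code: a simplified evaluator for the three statements above that shows which Lambda log groups the role can write to, and how narrowing the log-stream resource to one function changes that. The region, account ID, function names and the helpers `globMatch`, `isAllowed` and `writableLogGroups` are assumptions made for illustration.

```typescript
// Added example. Region, account ID and function names are constructed placeholders.
type Statement = { Effect: "Allow" | "Deny"; Action: string[]; Resource: string[] };

const LOGS = "arn:aws:logs:us-east-1:111122223333"; // constructed region/account

// The three statements from the answer, as rendered into the role's policy document.
function answerPolicy(): Statement[] {
  return [
    { Effect: "Allow", Action: ["iot:DescribeEndpoint"], Resource: ["*"] },
    { Effect: "Allow", Action: ["logs:CreateLogGroup"], Resource: [`${LOGS}:*`] },
    { Effect: "Allow", Action: ["logs:CreateLogStream", "logs:PutLogEvents"],
      Resource: [`${LOGS}:log-group:/aws/lambda/*:*`] },
  ];
}

// Same policy, with the log-stream statement narrowed to one function's log group.
function scopedPolicy(fn: string): Statement[] {
  return answerPolicy().map(s => s.Action.indexOf("logs:PutLogEvents") >= 0
    ? { ...s, Resource: [`${LOGS}:log-group:/aws/lambda/${fn}:*`] } : s);
}

// IAM-style wildcard match: "*" is any run of characters, "?" is exactly one.
function globMatch(pattern: string, value: string, ignoreCase: boolean): boolean {
  const body = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp(`^${body}$`, ignoreCase ? "i" : "").test(value);
}

// Simplified evaluation of one identity policy: explicit Deny wins, else an Allow is needed.
function isAllowed(policy: Statement[], action: string, resource: string): boolean {
  const hits = policy.filter(s =>
    s.Action.some(a => globMatch(a, action, true)) &&
    s.Resource.some(r => globMatch(r, resource, false)));
  return !hits.some(s => s.Effect === "Deny") && hits.some(s => s.Effect === "Allow");
}

// Which of the given functions' log streams could a role with this policy write to?
function writableLogGroups(policy: Statement[], functions: string[]): string[] {
  return functions.filter(fn => isAllowed(policy, "logs:PutLogEvents",
    `${LOGS}:log-group:/aws/lambda/${fn}:log-stream:constructed-stream`));
}

const FUNCTIONS = ["abcdEndpoint", "billing-export"]; // hypothetical function names
const broad = writableLogGroups(answerPolicy(), FUNCTIONS);
const narrow = writableLogGroups(scopedPolicy("abcdEndpoint"), FUNCTIONS);
```

With the answer's wildcard resource, `broad` contains both functions; with the narrowed statement, `narrow` contains only `abcdEndpoint`.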