using lambda as the identity broker to access AWS Console
Hi, I create an identity broker to access AWS Console by following the 'Example code using Python' in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html. It works on my desktop. I can run the python code and generate valid AWS Console URL with assume role. However, when I migrate the code into lambda by assuming the same role, I failed at requests.get(request_url) with 400 error. In my code, lambda has assumed the role successfully. Why the assumed role can generate AWS Console url in my desktop but failed in lambda?
- 最新
- 投票最多
- 评论最多
What role and policies does your deployed Lambda function have? If it doesn't have permission to assume the role, then I think you will get the error you described.
Usually your development user/role will have more permissions than a deployed Lambda function, but it depends on the deployed function role.
相关内容
AWS 官方已更新 3 年前
