如果您想允许一个Lambda函数调用另一个Lambda函数,您应该更新Lambda角色的策略。
这是一个Terraform示例:
设置IAM角色和策略:
resource "aws_iam_role" "lambda_1_role" {
name = "Lambda_1_Role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
添加 IAM 策略:
resource "aws_iam_policy" "iam_policy_for_lambda_1" {
name = "aws_iam_policy_for_terraform_aws_lambda_1_role"
path = "/"
description = "AWS IAM Policy for managing aws lambda 1 role"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*",
"Effect": "Allow"
},
{
"Sid": "Stmt1464440182000",
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction"
],
"Resource": [
"*"
]
}
]
}
EOF
}
不要忘记指定您的资源。不要在生产环境中使用通配符。
将 IAM 策略附加到 IAM 角色:
resource "aws_iam_role_policy_attachment" "attach_iam_policy_to_iam_role_lambda_1" {
role = aws_iam_role.lambda_1_role.name
policy_arn = aws_iam_policy.iam_policy_for_lambda_1.arn
}
创建一个 Lambda 函数:
resource "aws_lambda_function" "lambda_1" {
function_name = "Lambda_1"
filename = "../lambda-1.zip"
role = aws_iam_role.lambda_1_role.arn
handler = "index.handler"
runtime = "nodejs16.x"
depends_on = [aws_iam_role_policy_attachment.attach_iam_policy_to_iam_role_lambda_1]
}