最近在网上看到一道关于AWS Lambda的题,十分有意思:- A developer has an application that uses an AWS Lambda function to upload files to Amazon S3 and needs the required permissions to
- perform the task. The developer already has an IAM user with valid IAM credentials required for Amazon S3.
- What should a solutions architect do to grant the permissions?
- A. Add required IAM permissions in the resource policy of the Lambda function.
- B. Create a signed request using the existing IAM credentials in the Lambda function.
- C. Create a new IAM user and use the existing IAM credentials in the Lambda function.
- D. Create an IAM execution role with the required permissions and attach the IAM role to the Lambda function.
而Lambda是需要用某种IIAM role来执行的,且这个Role是需要有S3的操作权限来上传文件的。看完四个选项,只有D是正确的。而A是用来迷惑人的,IAM permissions是加在Role上的,并不是直接配置在Lambda上。
再进一步再想,这个配置在AWS中该如何编写呢?
配置如下:- {
- "Effect": "Allow",
- "Action": "s3:PutObject",
- "Resource": "arn:aws:s3:::your-bucket-name/*"
- }
- service: upload-service
- provider:
- name: aws
- runtime: nodejs18.x
- region: ap-northeast-1
- iamRoleStatements:
- - Effect: Allow
- Action:
- - s3:PutObject
- Resource:
- - arn:aws:s3:::test-bucket/*
-
- functions:
- uploader:
- handler: handler.uploadFile
- events:
- - http:
- path: upload
- method: post
- plugins:
- - serverless-offline
- onst AWS = require('aws-sdk');
- const s3 = new AWS.S3();
- module.exports.uploadFile = async (event) => {
- const content = Buffer.from("test for lambda");
- const bucketName = "test-bucket";
- await s3.putObject({
- Bucket: bucketName,
- Key: "example.txt",
- Body: content,
- }).promise();
- return {
- statusCode: 200,
- body: JSON.stringify({ message: "Uploaded successfully" }),
- };
- };
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作! |
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜
