阅读背景:

从AWS Lambda JS SDK中访问EC2资源。

来源:互联网 

I'm writing a function which needs to make some requests to EC2 to create and delete snapshots. However there is currently no feature in Lambda to directly making requests with EC2 resources. I'm attempting to use Class: AWS.TemporaryCredentials but there is a notice that writes:

我正在编写一个函数,它需要向EC2发出一些请求来创建和删除快照。但是,目前Lambda中没有任何特性直接向EC2资源发出请求。我正在尝试使用类:AWS。临时凭证,但有一个通知写道:

Note: In order to create temporary credentials, you first need to have "master" credentials configured in AWS.Config.credentials. These master credentials are necessary to retrieve the temporary credentials, as well as refresh the credentials when they expire.

注意:为了创建临时凭据,您首先需要在aws . config .凭据中配置“master”凭据。这些主凭证对于检索临时凭证是必要的,并且在它们到期时刷新凭证。

So I'm not sure how to store the credentials since this Lambda is only a function.

因此我不确定如何存储凭证,因为这个Lambda只是一个函数。

1 个解决方案

#1


4  

In order for your Lambda function to make EC2 requests, you have to create an IAM role that has the necessary permissions and then associate that role with your IAM function. The AWS Lambda CreateFunction API request has a required parameter called Role which would be the ARN of the new role you have created. In this way, each time your Lambda function is run Lambda will create temporary AWS credentials for it to use that have the permissions defined in the role.

为了让Lambda函数发出EC2请求,您必须创建具有必要权限的IAM角色,然后将该角色与IAM函数关联起来。AWS Lambda CreateFunction API请求具有一个名为Role的必需参数,该参数将是您创建的新角色的ARN。这样,每次运行Lambda函数时,都会为它创建具有角色中定义的权限的临时AWS凭据。


分享到: