2016-02-12 116 views
5

AWS Lambda VPC access error: "CreateNetworkInterface"

I want to set up my Lambda to access a Mongo server on one of the EC2 instances in my VPC. After selecting all the subnets and security groups and saving, I get the following error: "You are not authorized to perform: CreateNetworkInterface".

I believe I need some kind of policy set up on my account to allow this, but I have "AdministratorAccess", and I am trying to add an IAM role to my account. Does anyone know what policy/role I need?

+0

Are you trying to launch an instance? The error message has nothing to do with the action you are trying to perform. – helloV

+0

No, just trying to set up my Lambda to access my VPC resources – blueskin

Answers

8

Gotcha!!! If the error message says "This Lambda function is not authorized to perform: CreateNetworkInterface", then it makes more sense that the Lambda role needs to be modified with the appropriate policy. From blueskin's own answer:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Resource": "*",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:CreateNetworkInterface",
                "ec2:AttachNetworkInterface",
                "ec2:DescribeNetworkInterfaces",
                "autoscaling:CompleteLifecycleAction"
            ]
        }
    ]
}
2

It is necessary to give the Lambda a policy with the actions:

NetworkLambdaRole:
  Type: "AWS::IAM::Role"
  Properties:
    RoleName: "Network-Lambda-Role"
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        -
          Effect: "Allow"
          Principal:
            Service:
              - "lambda.amazonaws.com"
          Action:
            - "sts:AssumeRole"
    Policies:
      - PolicyName: "network-lambda-role-policy"
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: "Allow"
              Action: [
                "ec2:DescribeInstances",
                "ec2:CreateNetworkInterface",
                "ec2:AttachNetworkInterface",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DeleteNetworkInterface"
              ]
              Resource: "*"

Note: adding this policy to the role used by the Lambda fixed the issue; the policy that was missing was ec2:DeleteNetworkInterface.
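The two answers above differ by one action: the first policy grants CreateNetworkInterface but not DeleteNetworkInterface, which is why the second answer's note matters (a Lambda that can create ENIs in your subnets but never remove them leaks interfaces and eventually fails). The script below is an added example, not code from either answer, that reads a policy document offline the way a reviewer would: an action counts as granted only if some Allow statement matches it (IAM wildcards such as ec2:* included) and no Deny statement matches it. It also checks that the role's trust policy lets lambda.amazonaws.com assume it. The three ENI actions it requires are the ones Lambda needs to attach to a VPC (the same set the second answer ends up with); the two policies are the ones posted above, re-entered as Python dicts, and the helper names are this example's own.

```python
"""Offline check of an IAM policy for the ENI permissions Lambda needs in a VPC.

Added example for this page; it is not part of either answer. Pure standard
library, so it runs without AWS credentials.
"""
import fnmatch

# EC2 actions a Lambda execution role needs to create, inspect and clean up the
# elastic network interfaces it places in the VPC's subnets.
REQUIRED_ENI_ACTIONS = (
    "ec2:CreateNetworkInterface",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DeleteNetworkInterface",
)


def _as_list(value):
    """IAM allows Action/Resource/Service to be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action patterns are case-insensitive and accept '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def missing_actions(policy, required=REQUIRED_ENI_ACTIONS):
    """Return the required actions the policy does not effectively allow.

    An action is allowed if any Allow statement matches it and no Deny
    statement matches it (an explicit Deny always wins).
    """
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement")):
        patterns = _as_list(stmt.get("Action"))
        for action in required:
            if any(_action_matches(p, action) for p in patterns):
                if stmt.get("Effect") == "Allow":
                    allowed.add(action)
                elif stmt.get("Effect") == "Deny":
                    denied.add(action)
    return [a for a in required if a not in allowed or a in denied]


def trusts_lambda(assume_role_policy):
    """True if the trust policy lets lambda.amazonaws.com call sts:AssumeRole."""
    for stmt in _as_list(assume_role_policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and "lambda.amazonaws.com" in services
                and any(_action_matches(p, "sts:AssumeRole")
                        for p in _as_list(stmt.get("Action")))):
            return True
    return False


# Policy from the first answer, entered here as a dict (constructed for this check).
FIRST_ANSWER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Resource": "*",
        "Action": [
            "ec2:DescribeInstances",
            "ec2:CreateNetworkInterface",
            "ec2:AttachNetworkInterface",
            "ec2:DescribeNetworkInterfaces",
            "autoscaling:CompleteLifecycleAction",
        ],
    }],
}

# Inline policy and trust policy from the CloudFormation role in the second answer.
SECOND_ANSWER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "ec2:DescribeInstances",
            "ec2:CreateNetworkInterface",
            "ec2:AttachNetworkInterface",
            "ec2:DescribeNetworkInterfaces",
            "ec2:DeleteNetworkInterface",
        ],
        "Resource": "*",
    }],
}
SECOND_ANSWER_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": ["lambda.amazonaws.com"]},
        "Action": ["sts:AssumeRole"],
    }],
}

if __name__ == "__main__":
    print("first answer, missing:", missing_actions(FIRST_ANSWER_POLICY))
    print("second answer, missing:", missing_actions(SECOND_ANSWER_POLICY))
    print("second answer trusts Lambda:", trusts_lambda(SECOND_ANSWER_TRUST))
```

Run as-is, the first policy reports ec2:DeleteNetworkInterface missing and the second reports nothing missing, which is exactly the difference the second answer's note describes. The same check applied to a policy with ec2:* passes, and one with ec2:* plus an explicit Deny on DeleteNetworkInterface fails, so the script is useful for reviewing real roles and not only the two posted here. Resource is not evaluated because both answers use "*", as the ENI actions for Lambda commonly do.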