问题
There are similar questions but they have answers that I have tried. I'm not sure what I could be doing wrong but any help would appreciated.
Test details:
The Error from a method-execution test; PUT request:
Execution log for request test-request
Mon Oct 16 10:13:47 UTC 2017 : Starting execution for request: test-invoke-request
Mon Oct 16 10:13:47 UTC 2017 : HTTP Method: PUT, Resource Path: /pop-data-xmlz/test.xml
Mon Oct 16 10:13:47 UTC 2017 : Method request path: {item=test.xml, folder=pop-data-xmlz}
Mon Oct 16 10:13:47 UTC 2017 : Method request query string: {}
Mon Oct 16 10:13:47 UTC 2017 : Method request headers: {Content-Type=application/xml}
Mon Oct 16 10:13:47 UTC 2017 : Method request body before transformations: <test>
test string
</test>
Mon Oct 16 10:13:47 UTC 2017 : Request validation succeeded for content type application/json
Mon Oct 16 10:13:47 UTC 2017 : Execution failed due to configuration error: API Gateway does not have permission to assume the provided role
Mon Oct 16 10:13:47 UTC 2017 : Method completed with status: 500
I am following the API Gateway To S3 tutorial (http://docs.aws.amazon.com/apigateway/latest/developerguide/integrating-api-with-aws-services-s3.html) and attempting to execute a PUT request.
The API Gateway is in us-east-1 and the S3 bucket in us-east-2.
The created Role: APIGatewayProxyCustom
A policy (pop-date-ingest) is attached that allows PUT request to S3 buckets.
The Role has a trust relationship set:
回答1:
To fix this go to the role in your IAM and select the “Trust Relationships” tab. From here edit the policy and for the Principal Service add in “apigateway.amazonaws.com” as seen below. This will grant the API Gateway the ability to assume roles to run your function in addition to the existing lambda permission.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": ["apigateway.amazonaws.com","lambda.amazonaws.com"]
},
"Action": "sts:AssumeRole"
}
]
}来源:https://stackoverflow.com/questions/46767947/aws-api-gateway-error-api-gateway-does-not-have-permission-to-assume-the-provid