问题
I am attempting to use BOTO3 to create an Api Gateway method that invokes a lambda function. I have so far been unable to find how to grant the necessary permissions.
Curiously, setting the lambda method name manually through the AWS console sets up permissions automatically. I have been unable to replicate this in code.
This is the code I am using to set up the gateway:
# Create a rest api
self.rest_api = self.apigateway.create_rest_api(
name='AWS_CMS_Operations'
)
# Get the rest api's root id
root_id = self.apigateway.get_resources(
restApiId=self.rest_api['id']
)['items'][0]['id']
# Create an api resource
api_resource = self.apigateway.create_resource(
restApiId=self.rest_api['id'],
parentId=root_id,
pathPart='AWS_CMS_Manager'
)
# Add a post method to the rest api resource
api_method = self.apigateway.put_method(
restApiId=self.rest_api['id'],
resourceId=api_resource['id'],
httpMethod='POST',
authorizationType='NONE'
)
# Add an integration method to the api resource
self.apigateway.put_integration(
restApiId=self.rest_api['id'],
resourceId=api_resource['id'],
httpMethod='POST',
type='AWS',
integrationHttpMethod='POST',
uri=self.create_api_invocation_uri()
)
# Set the put method response for the api resource
self.apigateway.put_method_response(
restApiId=self.rest_api['id'],
resourceId=api_resource['id'],
httpMethod='POST',
statusCode='200',
responseModels={
'application/json': 'Empty'
}
)
# Set the put integration response for the api resource
self.apigateway.put_integration_response(
restApiId=self.rest_api['id'],
resourceId=api_resource['id'],
httpMethod='POST',
statusCode='200',
responseTemplates={
'application/json': ''
}
)
# Create a deployment of the rest api
self.apigateway.create_deployment(
restApiId=self.rest_api['id'],
stageName='prod'
)
# Give the api deployment permission to trigger the lambda function
self.lmda.add_permission(
FunctionName=self.lmda_function['FunctionName'],
StatementId='apigateway-production-aws-cms',
Action='lambda:InvokeFunction',
Principal='apigateway.amazonaws.com',
SourceArn=self.create_api_permission_uri(api_resource)
)
Everything works fine with the exception of the proper permission being set for the gateway to invoke lambda.
回答1:
From section 3.6 in this tutorial is a sample CLI command:
$ aws lambda add-permissionn \
--function-name <function-name> \
--statement-id apigateway-test-2 \
--action lambda:InvokeFunction \
--principal apigateway.amazonaws.com \
--source-arn "<method-arn">
Should be straight forward enough to translate to Boto3.
来源:https://stackoverflow.com/questions/38027414/giving-aws-api-gateway-permission-to-invoke-lambda-function-using-boto3