既然Terraform可以导入lambda权限(这在撰写本文时是不可能的(,我如何找到aws_lambda_permission资源的import参数的function_name/statement_id部分?
我想这可以被改写为:当权限对象由控制台创建时,我在哪里可以找到它的SID?
在Lambda函数的permissions选项卡中,我有这样的策略:
{
"Version": "2012-10-17",
"Id": "default",
"Statement": [
{
"Sid": "11111111-1234-1234-1234-1234567891234",
"Effect": "Allow",
"Principal": {
"Service": "apigateway.amazonaws.com"
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:eu-west-2:123456789012:function:MyLizardApp",
"Condition": {
"ArnLike": {
"AWS:SourceArn": "arn:aws:execute-api:eu-west-2:123456789012:hfqy1l9g3m/*/*/*"
}
}
},
{
"Sid": "22222222-1234-1234-1234-1234567891234",
"Effect": "Allow",
"Principal": {
"Service": "apigateway.amazonaws.com"
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:eu-west-2:123456789012:function:MyLizardApp",
"Condition": {
"ArnLike": {
"AWS:SourceArn": "arn:aws:execute-api:eu-west-2:123456789012:hfqy1l9g3m/*/*/"
}
}
}
]
}
我尝试使用的导入命令是:
terraform import aws_lambda_permission.apigw_lambda_proxy MyLizardApp/InvokeFunction
我这样做是为了尝试填充地形资源(这在本文中被描述为导入地形的一种方法(:
resource "aws_lambda_permission" "apigw_lambda_proxy" {
}
resource "aws_lambda_permission" "apigw_lambda_root" {
}
这应该在AWS控制台Lambda函数的"权限"选项卡中。该选项卡的第一部分是Lambda函数所具有的权限,而第二部分(标题为Resource-based policy(具有从其他AWS服务调用Lambda函数的权限。
您还应该能够通过使用AWS CLI的aws lambda get-policy来获得它。这将以嵌套的转义JSON形式返回调用策略,该JSON可以使用jq:提取
aws lambda get-policy --function-name MY_EXAMPLE_FUNCTION | jq -r '.Policy | fromjson | .Statement[].Sid'