How to resolve (AccessDeniedException) when calling ListFunctions
I created a Lambda script to clean up old versions, based on this helpful page (https://vipmunot.medium.com/how-to-remove-older-versions-of-lambda-a4415f11a2da)
```
Description:
Resources:
  LambdaFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
          Action:
          - sts:AssumeRole
      Path: "/"
      Policies:
      - PolicyName: AWSLambdaFullAccess
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
            - logs:CreateLogGroup
            - logs:CreateLogStream
            - logs:PutLogEvents
            Resource: '*'
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.6
      Timeout: 5
      Handler: index.handler
      Role: !GetAtt LambdaFunctionRole.Arn
      Code:
        ZipFile:
          !Sub
          - |-
            #!/usr/bin/env python3
            import json
            import boto3
            from collections import Counter
            # Named "handler" to match "Handler: index.handler" above (and the traceback)
            def handler(event, context):
                client = boto3.client('lambda')
                response = client.list_functions(FunctionVersion='ALL')
                # Count how many versions each function has
                d = dict(Counter([x['FunctionName'] for x in response['Functions']]))
                print(json.dumps(d, indent=2))
                for key, value in d.items():
                    if value > 5:
                        print(key, '->', value)
                        # Map version ARN -> LastModified, skipping $LATEST
                        a = {}
                        for x in response['Functions']:
                            if x['FunctionName'] == key and x['Version'] != '$LATEST':
                                #print(x['FunctionArn'],x['LastModified'])
                                a[x['FunctionArn']] = x['LastModified']
                        # Oldest first; everything except the newest five is a deletion candidate
                        listofTuples = sorted(a.items(), key=lambda x: x[1])
                        print(a)
                        print(json.dumps(listofTuples))
                        if len(listofTuples) > 5:
                            for elem in listofTuples[0:len(listofTuples)-5]:
                                #response = client.delete_function(FunctionName=elem[0])
                                print("FunctionArn", elem[0], "Deleted response", response, sep="->")
          - lambda_function_role_arn: !Ref LambdaFunctionRole
```
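So far I have only tried running this as the root user account with the AdministratorAccess policy attached, but I get the following error. Which permissions/policies do I need to add?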
```
[ERROR] ClientError: An error occurred (AccessDeniedException) when calling the ListFunctions operation: User: arn:aws:sts::148500871082:assumed-role/my-simple-lambda-function-stack-LambdaFunctionRole-1UD0AWLM5NBYP/my-simple-lambda-function-stack-LambdaFunction-4DFB3KPDMIUL is not authorized to perform: lambda:ListFunctions on resource: *
Traceback (most recent call last):
  File "/var/task/index.py", line 8, in handler
    response = client.list_functions(FunctionVersion='ALL')
  File "/var/runtime/botocore/client.py", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/runtime/botocore/client.py", line 676, in _make_api_call
    raise error_class(parsed_response, operation_name)
```
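
Added example, not part of the original question: the principal in the error is the function's execution role (`assumed-role/...LambdaFunctionRole...`), so the call is authorized against that role's inline policy rather than against the account that deployed the stack. The simplified evaluator below (it ignores Resource, Condition and NotAction) checks the template's policy against the two Lambda actions the script calls; `REQUIRED_ACTIONS`, `FIXED_POLICY` and the helper names are assumptions made for this illustration.

```python
import fnmatch

# Inline policy of LambdaFunctionRole, copied from the template in the question.
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
        "Resource": "*",
    }],
}

# Assumption: IAM actions behind the script's boto3 calls
# (list_functions, and delete_function once it is uncommented).
REQUIRED_ACTIONS = ["lambda:ListFunctions", "lambda:DeleteFunction"]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def action_allowed(policy, action):
    """Simplified evaluation: explicit Deny wins, then any Allow, else implicit deny.
    Ignores Resource, Condition, NotAction, permission boundaries and SCPs."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        # IAM action names are case-insensitive and support * and ? wildcards.
        if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def missing_actions(policy, required=REQUIRED_ACTIONS):
    return [a for a in required if not action_allowed(policy, a)]


def with_statement(policy, statement):
    """Return a copy of the policy with one extra statement appended."""
    return {**policy, "Statement": _as_list(policy["Statement"]) + [statement]}


# Hypothetical fix: grant only the two Lambda actions the script calls.
FIXED_POLICY = with_statement(ROLE_POLICY, {
    "Effect": "Allow", "Action": REQUIRED_ACTIONS, "Resource": "*"})

if __name__ == "__main__":
    print("missing before:", missing_actions(ROLE_POLICY))
    print("missing after: ", missing_actions(FIXED_POLICY))
```

`lambda:ListFunctions` does not support resource-level permissions, so it needs `Resource: '*'`; `lambda:DeleteFunction` can be placed in its own statement scoped to specific function ARNs.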