我正在尝试使用Python代码触发Lambda函数,如下所示
import boto3
from botocore.exceptions import NoCredentialsError, PartialCredentialsError
def get_lambda_client():
return boto3.client('lambda')
def invoke_lambda():
lambda_client = get_lambda_client()
if lambda_client:
try:
response = lambda_client.invoke(
FunctionName='MyLambdaFunctionName',
InvocationType='RequestResponse', # or 'event for async invocation'
Payload=b'{}' #Not sending any payload
)
print(f" the response from the aws = {response}")
except Exception as e:
print(f" Error invoking Lambda function: {e}")
invoke_lambda()
角色附加以下政策
触发 Lambda 函数的策略
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "lambda:InvokeFunction",
"Resource": "< arn of my lambda function>"
},
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "< arn of the role I created for lambda function which intern
will trigger aws step function>"
}
]
}
我为此 Lambda 函数触发器创建的角色的可信策略
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com",
"AWS": "<arn for the iam user>"
},
"Action": "sts:AssumeRole"
}
]
}
如果这里缺少任何内容,请告诉我。当我尝试从 python 代码触发 lambda 函数时遇到的错误是
Error invoking Lambda function: An error occurred (ExpiredTokenException) when calling the Invoke operation: The security token included in the request is expired
通过承担 sts 角色,提出可以在此处使用的解决方案。考虑到我没有权限获取
AccessKey
、SecreteKey
和 SessionToken
。
当您执行
boto3.client('lambda')
时,您正在从环境变量 AWS_SESSION_TOKEN 或 ~/.aws/credentials 文件中检索凭证
您的会话令牌看起来已过期,您需要使用 sts 重新生成一个新令牌
boto3.client('sts').get_session_token()
请参阅 boto3 doc