    startFeedbackWebsocketsRoute:
      Type: 'AWS::ApiGatewayV2::Route'
      DependsOn:
        - 'WebsocketsApi'
        - 'FeedbackFlowStartFeedbackWebsocketsIntegration'
      Properties:
        ApiId:
          Ref: 'WebsocketsApi'
        RouteKey: 'startFeedback'
        AuthorizationType: 'NONE'
        Target:
          Fn::Join:
            - '/'
            - - 'integrations'
              - Ref: 'FeedbackFlowStartFeedbackWebsocketsIntegration'

Then the integration referenced by that route:

    FeedbackFlowStartFeedbackWebsocketsIntegration:
      Type: 'AWS::ApiGatewayV2::Integration'
      DependsOn: 'WebsocketsApi'
      Properties:
        ApiId:
          Ref: 'WebsocketsApi'
        IntegrationType: 'AWS_PROXY'
        IntegrationUri:
          Fn::Join:
            - ''
            - - 'arn:'
              - Ref: 'AWS::Partition'
              - ':apigateway:'
              - Ref: 'AWS::Region'
              - ':lambda:path/2015-03-31/functions/'
              - Fn::ImportValue: demo-feedback-stack-${sls:stage}-FeedbackFlowStartFeedbackLambdaArn
              - '/invocations'

In the sample code above, I am importing the ARN of the Lambda I wish to invoke. What I need is a permission on the Lambda that allows API Gateway to trigger it:

    FeedbackFlowStartFeedbackPermission:
      Type: 'AWS::Lambda::Permission'
      DependsOn:
        - 'WebsocketsApi'
      Properties:
        FunctionName:
          Fn::ImportValue: demo-feedback-stack-${sls:stage}-FeedbackFlowStartFeedbackLambdaArn
        Action: 'lambda:InvokeFunction'
        Principal: 'apigateway.amazonaws.com'

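When my application connects to the WebSocket, it invokes the $connect route, which calls a Lambda in the same stack and runs some normal processes, which work fine. But after that, when it calls the "startFeedback" route and needs to invoke the Lambda from a separate stack, it always returns: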

    {"message": "Forbidden", "connectionId": "myConnectionID", "requestId": "myRequestId"}

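I thought this was a permissions problem, so I tinkered with it and tried different things, such as creating an IAM role and attaching it to my integration to make sure it can actually invoke the Lambda, but no luck.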
In case it is a permissions issue, this is the IAM role I created to solve the problem:

    FeedbackFlowStartFeedbackWebsocketsRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service: apigateway.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: ApiGatewayInvokeLambdaPolicy
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action: lambda:InvokeFunction
                  Resource:
                    Fn::ImportValue: demo-feedback-stack-${sls:stage}-FeedbackFlowStartFeedbackLambdaArn

What am I missing here?
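
An added example, not part of the original post: a small Python check over the question's route, integration and permission resources, re-expressed as constructed CloudFormation JSON that keeps only the properties the check reads. It confirms the route's Target resolves to an Integration and flags a Lambda permission granted to a service principal without SourceArn or SourceAccount; `refs` and `audit` are hypothetical helper names, and the check concerns how the permission is scoped, not the cause of the Forbidden response.

```python
import json

# Constructed sample: the three resources from the question as CloudFormation
# JSON, keeping only the properties the checks read.
TEMPLATE = json.loads("""
{"Resources": {
  "startFeedbackWebsocketsRoute": {
    "Type": "AWS::ApiGatewayV2::Route",
    "Properties": {"RouteKey": "startFeedback", "Target": {"Fn::Join": ["/",
      ["integrations", {"Ref": "FeedbackFlowStartFeedbackWebsocketsIntegration"}]]}}},
  "FeedbackFlowStartFeedbackWebsocketsIntegration": {
    "Type": "AWS::ApiGatewayV2::Integration",
    "Properties": {"IntegrationType": "AWS_PROXY"}},
  "FeedbackFlowStartFeedbackPermission": {
    "Type": "AWS::Lambda::Permission",
    "Properties": {"Action": "lambda:InvokeFunction",
                   "Principal": "apigateway.amazonaws.com"}}}}
""")

def refs(node):
    """Yield every logical id named by a {"Ref": ...} anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            else:
                yield from refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from refs(item)

def audit(template):
    """Return sorted (logical_id, finding) pairs for routes and permissions."""
    res, findings = template["Resources"], []
    for name, r in res.items():
        props = r.get("Properties", {})
        if r["Type"] == "AWS::ApiGatewayV2::Route":
            # The route's Target must point at an Integration in this template.
            kinds = [res.get(t, {}).get("Type") for t in refs(props.get("Target"))]
            if "AWS::ApiGatewayV2::Integration" not in kinds:
                findings.append((name, "Target does not reference an Integration"))
        elif r["Type"] == "AWS::Lambda::Permission":
            # A service principal with no source condition is not tied to one API.
            service = str(props.get("Principal", "")).endswith(".amazonaws.com")
            if service and not (props.get("SourceArn") or props.get("SourceAccount")):
                findings.append((name, "service principal without SourceArn/SourceAccount"))
    return sorted(findings)

if __name__ == "__main__":
    for logical_id, finding in audit(TEMPLATE):
        print(f"{logical_id}: {finding}")
```

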
According to the AWS docs, for WebSocket we always need to add the AWS::ApiGatewayV2::Integration I was missing in my CloudFormation code. Update: