 

CognitoIdentityCredentials is not authorized to perform: lambda:InvokeFunction on resource

I am trying to invoke a lambda function from an iOS client. My code looks like this:

To get credentials, in appDelegate:

import UIKit
import AWSCore
import AWSMobileClient

// In AppDelegate: let AWSMobileClient pick up the Cognito identity pool from
// awsconfiguration.json and obtain (unauthenticated) credentials at launch.
func application(_ application: UIApplication,
                 didFinishLaunchingWithOptions launchOptions: [UIApplicationLaunchOptionsKey: Any]?) -> Bool {

    // Uncomment to turn on logging, look for "Welcome to AWS!" to confirm success
    AWSDDLog.add(AWSDDTTYLogger.sharedInstance)
    AWSDDLog.sharedInstance.logLevel = .error

    // Instantiate AWSMobileClient to get AWS user credentials
    return AWSMobileClient.sharedInstance().interceptApplication(application, didFinishLaunchingWithOptions: launchOptions)
}

And to invoke on the viewController:

import UIKit
import AWSLambda

class ViewController: UIViewController {
    // The default invoker uses the credentials AWSMobileClient configured at launch
    let lambdaInvoker = AWSLambdaInvoker.default()
    let jsonObject: [String: Any] = ["key1" : "value1",
                                     "key2" : 2 ,
                                     "key3" : [1, 2],
                                     "isError" : false]

    @IBAction func button(_ sender: Any) {
        print("pressed")
        // Invoke the function named "myTest" with the JSON payload above
        lambdaInvoker.invokeFunction("myTest", jsonObject: jsonObject)
            .continueWith(block: {(task: AWSTask<AnyObject>) -> Any? in
                if let error = task.error {
                    print("Error: \(error)")
                    return nil
                }

                // Handle response in task.result
                if let JSONDictionary = task.result as? NSDictionary {
                    print("Result: \(JSONDictionary)")
                    print("resultKey: \(JSONDictionary["resultKey"] ?? "nil")")
                }
                return nil
            })
    }
}

It throws this error:

... Message=User: arn:aws:sts::103314601078:assumed-role/Cognito_testpoolUnauth_Role/CognitoIdentityCredentials is not authorized to perform: lambda:InvokeFunction on resource ...

I also have this role set up:

{
  "roleName": "myRoleTest",
  "policies": [
    {
      "document": {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "Stmt1464440182000",
            "Effect": "Allow",
            "Action": [
              "lambda:InvokeAsync",
              "lambda:InvokeFunction"
            ],
            "Resource": [
              "*"
            ]
          }
        ]
      }
    }
  ]
}

I know I need to add permissions for that resource to invoke the function, but I can't find where or how to do it! I'd appreciate any help...

Danf asked Sep 07 '18 02:09
1 Answer

Ok, I don't know if this will be useful to anyone but I solved the issue. It turns out that to use the AWS SDK properly first you need to create an identity pool. I did all that, as you can see, and added the pool id and region to the configuration file. What I missed is that you also need to add permissions to the identity pool to use the lambda services.

So, once the identity pool is created you will have two new roles, one auth and one unauth. You should go to the IAM console, roles, locate the role in question (in my case unauth) and modify the policy to something like this:

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": [
            "mobileanalytics:PutEvents",
            "cognito-sync:*"
         ],
         "Resource": [
            "*"
         ]
      },
      {
         "Effect": "Allow",
         "Action": [
            "lambda:invokefunction"
         ],
         "Resource": [
            "arn:aws:lambda:us-east-1:account-id:function:yourFunctionName"
         ]
      }
   ]
}

After this, your resource should be able to invoke the lambda function.

If this is not the best way please point it out!

EDIT:

There is actually a managed policy called AWS Lambda Role that will let you invoke with no problems.

Danf answered Oct 06 '22 01:10
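The error in the question names the principal as Cognito_testpoolUnauth_Role, while the policy shown in the question belongs to a different role (myRoleTest); the fix in the answer puts the permission on the role Cognito actually hands out. Anyone who knows the identity pool ID can obtain that unauthenticated role's credentials, so whatever it may invoke is effectively reachable by the public, which is why the Resource scoping in the answer's policy matters more than it might for a role only your own staff can assume. What follows is an added example, not code from the original post: a simplified Python model of how IAM evaluates identity-based policies (explicit Deny wins, then a matching Allow, otherwise implicit deny; action names compared case-insensitively; `*`/`?` wildcards in ARNs; Condition, NotAction and NotResource are not modelled) used to compare the default unauth policy, the scoped fix from the answer, and a wildcard grant. The account ID 123456789012, the function names, the alias `prod` and the Sid are constructed for the example.

```python
import fnmatch


def _as_list(value):
    """IAM accepts a string or a list in Statement/Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _match(pattern, value, case_insensitive):
    """IAM-style wildcard match ('*' and '?'). Action names are case-insensitive,
    which is why the answer's lowercase "lambda:invokefunction" works."""
    if case_insensitive:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)


def is_allowed(policy_docs, action, resource):
    """Simplified identity-based policy evaluation (assumption of this example:
    no Condition, NotAction or NotResource). An explicit Deny wins, a matching
    Allow grants, and anything else is an implicit deny."""
    allowed = False
    for doc in policy_docs:
        for stmt in _as_list(doc["Statement"]):
            if not any(_match(a, action, True) for a in _as_list(stmt.get("Action", []))):
                continue
            if not any(_match(r, resource, False) for r in _as_list(stmt.get("Resource", []))):
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def wildcard_invoke_grants(policy_docs):
    """Return the Sid (or index) of each Allow statement that lets the principal
    invoke any Lambda in the account, i.e. an invoke action on Resource "*"."""
    hits = []
    for doc in policy_docs:
        for i, stmt in enumerate(_as_list(doc["Statement"])):
            invokes = any(_match(a, "lambda:InvokeFunction", True)
                          for a in _as_list(stmt.get("Action", [])))
            if stmt.get("Effect") == "Allow" and invokes and "*" in _as_list(stmt.get("Resource", [])):
                hits.append(stmt.get("Sid", f"statement[{i}]"))
    return hits


# Constructed sample: the policy Cognito attaches to a new unauthenticated role.
UNAUTH_DEFAULT = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["mobileanalytics:PutEvents", "cognito-sync:*"],
                   "Resource": ["*"]}],
}

MYTEST_ARN = "arn:aws:lambda:us-east-1:123456789012:function:myTest"   # constructed account ID
OTHER_ARN = "arn:aws:lambda:us-east-1:123456789012:function:adminBilling"

# Constructed sample: the least-privilege fix from the answer, scoped to one function.
INVOKE_MYTEST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["lambda:invokefunction"],
                   "Resource": [MYTEST_ARN]}],
}

# Constructed sample: the same permission on every function, for comparison.
INVOKE_ANY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "InvokeAnyLambda", "Effect": "Allow",
                   "Action": ["lambda:InvokeFunction"],
                   "Resource": ["*"]}],
}


def scenario():
    """What an unauthenticated Cognito identity may invoke under each policy set."""
    return {
        "default_role_invokes_myTest": is_allowed([UNAUTH_DEFAULT], "lambda:InvokeFunction", MYTEST_ARN),
        "scoped_role_invokes_myTest": is_allowed([UNAUTH_DEFAULT, INVOKE_MYTEST], "lambda:InvokeFunction", MYTEST_ARN),
        "scoped_role_invokes_other": is_allowed([UNAUTH_DEFAULT, INVOKE_MYTEST], "lambda:InvokeFunction", OTHER_ARN),
        # Alias-qualified invocations authorise against "function:myTest:prod",
        # which the unqualified ARN above does not match.
        "scoped_role_invokes_alias": is_allowed([UNAUTH_DEFAULT, INVOKE_MYTEST], "lambda:InvokeFunction", MYTEST_ARN + ":prod"),
        "wildcard_role_invokes_other": is_allowed([UNAUTH_DEFAULT, INVOKE_ANY], "lambda:InvokeFunction", OTHER_ARN),
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name:32s} {'ALLOW' if result else 'deny'}")
    print("over-broad invoke grants:", wildcard_invoke_grants([UNAUTH_DEFAULT, INVOKE_ANY]))
```

The first row is the implicit deny behind the error message in the question; the scoped policy allows exactly the one function and nothing else in the account, while the wildcard grant exposes every function to anyone holding unauthenticated credentials. The alias row is a common follow-up surprise: if the client invokes `myTest` through an alias or version, the policy has to list the qualified ARN (or use `function:myTest*`) as well. To attach a scoped policy like INVOKE_MYTEST to the unauth role from the command line instead of the console, `aws iam put-role-policy --role-name Cognito_testpoolUnauth_Role --policy-name InvokeMyTest --policy-document file://policy.json` adds it as an inline role policy.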