Shatya Kesarwani

Reputation: 63

Restricting invoking a lambda function from another lambda function

I have 4 simple lambda functions, lambda A, lambda B, lambda C and lambda D, using Node.js. Here lambda A is invoking lambda C and lambda B is invoking lambda D using aws-sdk. This is my code:

var AWS = require('aws-sdk');
AWS.config.region = 'ap-south-1';
var lambda = new AWS.Lambda();
var params = {
    FunctionName: 'lambda C', // the lambda function we are going to invoke
    InvocationType: 'RequestResponse',
    LogType: 'Tail',
    Payload: '{ "name" : "Shatya 2" }'
};

exports.handler = function(event, context) {
    lambda.invoke(params, function(err, data) {
        if (err) {
            context.fail(err);
        } else {
            context.succeed('Lambda_B said ' + data.Payload);
        }
    });
};

Everything is working fine, but now I have one more requirement which is related to permissions and access/invoke deny.

So basically I have to restrict the lambda C function to get invoked only by lambda A, and the same for lambda D, meaning lambda D can only be invoked by lambda B.

So if lambda A tries to invoke lambda D then it should not get access; it should get an access denied error. The same for lambda B if lambda B tries to access lambda C.

All lambda functions are in the same region and same user.

So basically only the specified lambda function can invoke that particular lambda function.

I tried to restrict it by resource policy but it is not working.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Deny",
            "Action": "lambda:*",
            "Resource": "*"
        }
    ]
}

I added this policy to lambda D to practice checking the deny policy. Here I assumed no lambda function would be able to invoke lambda D, not even lambda B, but it's not working: all lambda functions are able to invoke lambda D.

Upvotes: 0

Views: 1288

Answers (1)

codeninja.sj

Reputation: 4099

By default, lambda functions cannot invoke other lambda functions without permission, so configure lambda functions A and B in such a way that they can invoke only lambda functions C and D respectively.

Specify the below-mentioned resource policy explicitly on lambda A:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": [
                "<Replace_With_Lambda_Function_C_ARN>"
            ]
        }
    ]
}

And this one on lambda B:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": [
                "<Replace_With_Lambda_Function_D_ARN>"
            ]
        }
    ]
}

Upvotes: 1
