Problem description
I've got a bit of javascript which runs on my local machine but doesn't work from within the Lambda.
It times out when calling cognitoidentity.getOpenIdTokenForDeveloperIdentity
{
"errorMessage": "2016-03-17T16:50:25.181Z 4fa3fa5a-ec60-11e5-8316-415fa39313da Task timed out after 15.00 seconds"
}
On local it works fine (calling into AWS production services) so it must be the policy I have attached to the Lambda.
Here are the policies I have:
AmazonCognitoDeveloperAuthenticatedIdentities
AWSLambdaVPCAccessExecutionRole
This is a custom one I also have:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"lambda:InvokeFunction"
],
"Resource": [
"arn:aws:lambda:eu-west-1:myaccountid:function:users_login"
]
}
]
}
The Lambda ARN was copied directly from that Lambda screen. Any ideas of what's missing?
Recommended answer
No, if that were the case you would be getting a permission denied error, not a timeout.
It looks like your Lambda function has VPC access. You need to configure a NAT gateway for your VPC in order for the Lambda function to have access to anything outside the VPC, including AWS services like Cognito.
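One way to check the condition the answer describes, as an added example that is not part of the original question or answer: it classifies the default route of each subnet a VPC-attached Lambda uses. It assumes the input is the RouteTables array from `aws ec2 describe-route-tables` for a single VPC; the function names and the sample IDs are constructed for illustration.

```javascript
// Added example. Input: the RouteTables array from `aws ec2 describe-route-tables`,
// filtered to one VPC. Function names and the sample IDs below are constructed.

// Route table in effect for a subnet: explicit association, else the VPC main table.
function routeTableFor(subnetId, routeTables) {
  const has = (rt, pred) => (rt.Associations || []).some(pred);
  return routeTables.find(rt => has(rt, a => a.SubnetId === subnetId)) ||
         routeTables.find(rt => has(rt, a => a.Main === true)) || null;
}

// Classify the subnet's default route: 'nat', 'igw-only', 'other' or 'none'.
function egressFor(subnetId, routeTables) {
  const rt = routeTableFor(subnetId, routeTables);
  const def = rt && (rt.Routes || []).find(r =>
    r.DestinationCidrBlock === '0.0.0.0/0' && r.State !== 'blackhole');
  if (!def) return 'none';                 // no usable default route: calls hang until timeout
  if (def.NatGatewayId) return 'nat';      // what the answer asks for
  // Lambda network interfaces get no public IP, so an internet gateway alone is not enough.
  if ((def.GatewayId || '').startsWith('igw-')) return 'igw-only';
  return 'other';                          // NAT instance, transit gateway, etc.: check by hand
}

// Subnets of a VPC-attached function that have no NAT gateway route.
function subnetsWithoutNat(subnetIds, routeTables) {
  return subnetIds
    .map(id => ({ subnetId: id, egress: egressFor(id, routeTables) }))
    .filter(s => s.egress !== 'nat');
}

const SAMPLE_ROUTE_TABLES = [
  { RouteTableId: 'rtb-main', Associations: [{ Main: true }],
    Routes: [{ DestinationCidrBlock: '10.0.0.0/16', GatewayId: 'local', State: 'active' }] },
  { RouteTableId: 'rtb-private', Associations: [{ SubnetId: 'subnet-private' }],
    Routes: [{ DestinationCidrBlock: '10.0.0.0/16', GatewayId: 'local', State: 'active' },
             { DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: 'nat-example', State: 'active' }] },
  { RouteTableId: 'rtb-public', Associations: [{ SubnetId: 'subnet-public' }],
    Routes: [{ DestinationCidrBlock: '0.0.0.0/0', GatewayId: 'igw-example', State: 'active' }] },
  { RouteTableId: 'rtb-dead', Associations: [{ SubnetId: 'subnet-dead' }],
    Routes: [{ DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: 'nat-deleted', State: 'blackhole' }] },
];

console.log(subnetsWithoutNat(
  ['subnet-private', 'subnet-public', 'subnet-dead', 'subnet-unassociated'], SAMPLE_ROUTE_TABLES));
```

Any subnet this reports is one from which the SDK call would hang until the function's timeout rather than fail with an access-denied error.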