我有这个 React 代码,我想用它来向 AWS Lambda 发出请求:
import React, {useState} from 'react';
import { Link } from 'react-router-dom';
import {LambdaClient, InvokeCommand, LogType} from "@aws-sdk/client-lambda"; // ES Modules import
const { fromTemporaryCredentials } = require("@aws-sdk/credential-providers");
const FooterOne = ({ footerLight, style, footerGradient }) => {
const AWS = require('aws-sdk');
AWS.config.update({
accessKeyId: "123456",
secretAccessKey: "........."
});
const handleSubmit = async (event) => {
event.preventDefault();
const credentials = await fromTemporaryCredentials({
params: {
RoleArn: "arn:aws:lambda:us-east-1:12345678:function:email-submit",
},
clientConfig: {
region: 'us-west-2',
},
})();
try {
const client = new LambdaClient({
region: 'us-west-2',
credentials,
});
const command = new InvokeCommand({
FunctionName: "email-submit",
Payload: JSON.stringify("payload"),
LogType: LogType.Tail,
});
const { Payload, LogResult } = await client.send(command);
const result = Buffer.from(Payload).toString();
const logs = Buffer.from(LogResult, "base64").toString();
return { logs, result };
} catch (error) {
console.error('Error invoking function:', error);
// Handle errors as needed
}
};
return (
<>
<form onSubmit={handleSubmit}>
<input
type='text'
placeholder='Enter your email'
name='email'
required=''
autoComplete='off'
/>
<input
type='submit'
value='Subscribe'
data-wait='Please wait...'
/>
</form>
</>
);
};
export default FooterOne;
我尝试了这个AWS配置:
但是当我运行 React 代码时出现错误:
Uncaught (in promise) Error: Credential is missing
at SignatureV4.credentialProvider (runtimeConfig.browser.js:22:1)
at SignatureV4.signRequest (SignatureV4.js:103:1)
at SignatureV4.sign (SignatureV4.js:58:1)
at awsAuthMiddleware.js:24:1
at async retryMiddleware.js:27:1
at async loggerMiddleware.js:3:1
at async fromTemporaryCredentials.js:20:1
at async handleSubmit (FooterOne.js:12:1)
您知道应该如何配置 IAM 用户以便我可以直接访问 Lambda 吗?
我在您的代码中的
fromTemporaryCredentials
方法中看到一个角色 ARN,您的应用程序将采用该角色并获取凭据。
所以本质上,您只需要授予此 IAM 角色
arn:aws:lambda:us-east-1:12345678:function:email-submit
足够的权限来调用您的 Lambda 函数。
无需创建额外的 IAM 角色。只需尝试将
AWSLambda_FullAccess
托管策略附加到此角色即可。如果有效,那么您可以按照最小权限原则创建新策略。