我创建了一个 AWS 传输系列 SFTP 服务器,它使用 lambda 函数进行身份验证。当我尝试登录 SFTP 时。我收到以下错误:
"method": "password",
"activity-type": "AUTH_FAILURE",
"source-ip": "172.105.39.41",
"resource-arn": "arn:aws:transfer:us-east-2:123456789012:server/s-123456",
"message": "Unable to invoke Lambda function: arn:aws:lambda:us-east-2: 123456789012:function:SFTP-Lambda",
"user": "user"
lambda 具有以下调用权限:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "transfer.amazonaws.com"
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:us-east-2:123456789012:function:SFTP-Lambda",
"Condition": {
"ArnLike": {
"AWS:SourceArn": "arn:aws:transfer:us-east-2:123456789012:server/s-123456"
}
}
}
]
}
有人可以请问这里需要添加什么,以便我可以使用 lambda 进行身份验证吗?
我正在尝试遵循以下文档,但看起来提供的 IAM 权限未按预期工作:https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role。 html
您似乎混淆了 Lambda 资源策略的 SourceArn。您正在引用 lambda 本身而不是 SFTP 服务器