我正在尝试使用 **AWS.ApiGatewayManagementApi() postToConnection** 方法向通过套接字连接的客户端发送消息。它在本地工作正常,但在 EC2 上无法工作。唯一的区别是 VPC。这会是问题所在吗?
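const AWS = require('aws-sdk');

// Management-API client used to push messages to connected WebSocket clients.
// accessKeyId/secretAccessKey are deliberately NOT passed here: long-lived keys
// embedded in source end up in version control and in every copy of the code.
// With them omitted, the SDK resolves credentials through its default provider
// chain (environment variables, shared credentials file, or the EC2 instance
// profile), so on EC2 the instance's IAM role signs the request.
// The endpoint and region values below are the page's placeholders.
const awsGW = new AWS.ApiGatewayManagementApi({
  endpoint: "https://endpoint",
  region: "region"
});

// Send one JSON payload to a single connection.
// The call is authorized against whichever principal signed the request, so a
// 403 ForbiddenException means that principal's policy does not allow the
// operation; it is an HTTP response from the service, not a connectivity failure.
awsGW.postToConnection({
  ConnectionId: 'ConnectionId',
  Data: '{"key1":"msg1","key2":"msg2"}'
}, (err) => {
  if (err) {
    // err carries statusCode and requestId, which are what to correlate with
    // CloudTrail / API Gateway logs when diagnosing a denial.
    console.log('Socket error', err);
  }
});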
错误:
{ ForbiddenException: Forbidden
at Object.extractError (/home/ubuntu/git/backend/node_modules/aws-sdk/lib/protocol/json.js:51:27)
at Request.extractError (/home/ubuntu/git/backend/node_modules/aws-sdk/lib/protocol/rest_json.js:55:8)
at Request.callListeners (/home/ubuntu/git/backend/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/home/ubuntu/git/backend/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/home/ubuntu/git/backend/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/home/ubuntu/git/backend/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/home/ubuntu/git/backend/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /home/ubuntu/git/backend/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/home/ubuntu/git/backend/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/home/ubuntu/git/backend/node_modules/aws-sdk/lib/request.js:685:12)
message: 'Forbidden',
code: 'ForbiddenException',
time: 2019-06-10T07:40:02.214Z,
requestId: 'f4caef03-8b52-11e9-9cc3-91bfe40b8eb0',
statusCode: 403,
retryable: false,
retryDelay: 37.0834357877396 }
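403 听起来像是您需要更新 IAM 角色所用的策略,使其有权调用 postToConnection。
就我而言,我明显缺少这条规则,因此我必须附加 ExecuteAPI 的授权。
注意:请求是以实际签名的身份来鉴权的。如果代码中显式传入了 accessKeyId/secretAccessKey,策略必须附加到这对密钥所属的身份上,而不是实例角色上。另外,下面示例中的 `execute-api:*` 加通配符资源所授予的权限比 postToConnection 实际需要的更宽;按最小权限原则,可以把 Action 收窄为 `execute-api:ManageConnections`,并把 Resource 限定为具体 API 的 `arn:aws:execute-api:<region>:<account-id>:<api-id>/<stage>/POST/@connections/*`(尖括号内为占位符)。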
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "execute-api:*",
"Resource": "arn:aws:execute-api:eu-west-1:###########:*/*/*/*"
}
]
}