Home > Software engineering >  Lambda Roles and SCPs
Lambda Roles and SCPs

Time:03-31

have a question regarding Lambda and Roles and SCPs.

Lets say that I have a Lambda function doing a certain IAM call, the lambda role has the permission needed for doing it. The Lambda it self is created with a Cloudformation. The Cloudfromation deployment is ran with a tool using the service role for the tool, no service role for the CF. The Lambda Function is triggered by a Custom Resource in the same CF.

Tool(with role) -> CF(No service role) -> CR -> Lambda -> IAM call

Now add a SCP with a Deny for the IAM call. What principal needs to have condition in the SCP to not be affected by the SCP?

CodePudding user response:

The role you use for the lambda is the principal that needs an exception in the SCP. Ultimately, it is the principal that is running the lambda that is making the IAM call, so that is what will need the condition.

Page link:https//www.codepudding.com/Softwareengineering/354429.html

Prev:Connect cloudfront with ElasticBeanStalk Application
Next:Allow AWS lambda function to access SAAS from inside
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding