DescribeEndpoint from inside a lambda

I am setting up a CF stack using the CDK. I am planning on having API gateway host a Lambda function to return the IoT Core mqtt endpoint for my remote IoT clients.

Is there a way within the SDK to call DescribeEndpoint from inside the lambda, or do I have to fetch() it from the URL? I'm not quite sure how I would go about calling that, since it needs account permissions.

Inside my Lambda, I'm trying this:

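import { IoTClient, DescribeEndpointCommand } from "@aws-sdk/client-iot";
import type { APIGatewayProxyEventV2, APIGatewayProxyResultV2 } from "aws-lambda";

export async function getMqttEndpoint(request: APIGatewayProxyEventV2): Promise<APIGatewayProxyResultV2> {
    // With an empty config the SDK uses the Lambda execution role's credentials,
    // so that role must be allowed to call iot:DescribeEndpoint.
    const client = new IoTClient({});

    const command = new DescribeEndpointCommand({
        endpointType: "iot:Data"
    });

    // Return the endpoint hostname as the response body.
    return client.send(command)
        .then((response) => {
            return {
                body: response.endpointAddress
            }
        });
}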
1 Answer

Accepted Answer

OK, I figured it out. I just didn't have the right permissions granted to the Lambda.

In case anybody ever needs this in the future, here's how I did this in CDK:

        // Requires: import * as iam from 'aws-cdk-lib/aws-iam'; (CDK v2)
        const extraPolicyStatements = new iam.Policy(this, 'describe-endpoint-policy', {
            statements: [
                // iot:DescribeEndpoint has no resource-level permissions, so "*" is required here.
                new iam.PolicyStatement({
                    actions: ["iot:DescribeEndpoint"],
                    resources: ["*"]
                }),
                // CloudWatch Logs permissions so the function can write its logs.
                new iam.PolicyStatement({
                    actions: ["logs:CreateLogGroup"],
                    resources: [`arn:aws:logs:${this.env.region}:${this.env.account}:*`]
                }),
                new iam.PolicyStatement({
                    actions: [
                        "logs:CreateLogStream",
                        "logs:PutLogEvents"
                    ],
                    resources: [`arn:aws:logs:${this.env.region}:${this.env.account}:log-group:/aws/lambda/*:*`]
                })
            ]
        });

        // Execution role for the Lambda, carrying the statements above as an inline policy.
        const role = new iam.Role(this,
            "abcdEndpointExecRole", {
                roleName: "abcdEndpointExecRole",
                assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
                inlinePolicies: {
                    "describe": extraPolicyStatements.document
                }
            });

Then gave that to the Lambda as its role. Not sure that's the best way or not but it is readable and it works.

wz2b
answered 2 years ago
Expert
reviewed 4 days ago
  • Are you making sure that CF will not do any caching?
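
Added example, not part of the original answer: a small TypeScript check that audits statements shaped like the answer's policy and flags log resources that reach beyond a single function's log group. The region, account ID, the use of `getMqttEndpoint` as the Lambda's name, and the `WILDCARD_ONLY` allowlist are assumptions made for illustration.

```typescript
// Added example: audit IAM statements for resources wider than one function needs.
type Statement = { actions: string[]; resources: string[] };

// Actions without resource-level permissions, where "*" is the only valid resource.
// Illustrative allowlist; extend it from the IAM service authorization reference.
const WILDCARD_ONLY = new Set(["iot:DescribeEndpoint"]);

// Constructed placeholders, not values from the post.
const REGION = "us-east-1";
const ACCOUNT = "111122223333";
const FN = "getMqttEndpoint";
const LOGS = `arn:aws:logs:${REGION}:${ACCOUNT}`;

const describeEndpoint: Statement = { actions: ["iot:DescribeEndpoint"], resources: ["*"] };

// Mirrors the statements in the answer's policy.
const answerPolicy: Statement[] = [
  describeEndpoint,
  { actions: ["logs:CreateLogGroup"], resources: [`${LOGS}:*`] },
  { actions: ["logs:CreateLogStream", "logs:PutLogEvents"],
    resources: [`${LOGS}:log-group:/aws/lambda/*:*`] },
];

// Same actions with log resources narrowed to this function's own log group.
const scopedPolicy: Statement[] = [
  describeEndpoint,
  { actions: ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
    resources: [`${LOGS}:log-group:/aws/lambda/${FN}:*`] },
];

function auditStatements(stmts: Statement[], fn: string): string[] {
  const ownGroup = `:log-group:/aws/lambda/${fn}:`;
  const findings: string[] = [];
  for (const s of stmts) {
    for (const r of s.resources) {
      if (r === "*") {
        // A bare wildcard is acceptable only when every action requires it.
        const scopable = s.actions.filter((a) => !WILDCARD_ONLY.has(a));
        if (scopable.length > 0) findings.push(`${scopable.join(",")}: "*" on a scopable action`);
      } else if (s.actions.some((a) => a.startsWith("logs:")) && !r.includes(ownGroup)) {
        findings.push(`${s.actions.join(",")}: ${r} reaches beyond /aws/lambda/${fn}`);
      }
    }
  }
  return findings;
}

console.log(auditStatements(answerPolicy, FN));
console.log(auditStatements(scopedPolicy, FN));
```

The first call reports the two log statements; the `iot:DescribeEndpoint` statement passes because that action can only be granted on `*`.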
