How to give API gateway permission to invoke lambda function through api or cli?

Source: Quora forum

You must grant API Gateway access permission to the IAM user who will perform the tasks. The IAM user must have full access to work with Lambda. For this, you can use or customize the managed policy of AWSLambdaFullAccess (arn:aws:iam::aws:policy/AWSLambdaFullAccess) and attach it to the IAM user.
There are two mechanisms for API Gateway to invoke your lambda from a security perspective.

1. API Gateway assumes a role and calls your lambda using your role
2. API Gateway invokes the lambda and you have given permission to API Gateway in the resource-attached policy for that lambda function.

1 introduces a bunch of latency so don’t use this if you can stand it. 2 is what the console is doing for you in your screenshot.

The API/CLI command you want is this: http://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html

——————- BILEL

After I created my API script, when I navigated to the platform console I didn't find that the API Gateway icon was plugged to my Lambda; however, when I navigate to my API Gateway I can see that the integration response is tied to my demo_lambdaOne.

Solution 1

Go to the integration response, click on the Lambda function and re-save it. You will get a popup asking whether you want to give API Gateway permission to invoke your Lambda. When you click OK, a permission will be created, and you can see in the Lambda console that the API Gateway was plugged to your Lambda.

Solution 2

Add a Terraform script that gives your API Gateway permission to invoke your Lambda, and you will have your API Gateway icon plugged to the Lambda.

resource "aws_api_gateway_rest_api" "MyDemoAPI" {…}

resource "aws_lambda_permission" "apigw_lambda" {
  statement_id  = "AllowExecutionFromAPIGateway"
  action        = "lambda:InvokeFunction"
  function_name = "demo_lambdaOne"
  principal     = "apigateway.amazonaws.com"

  # More: http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html
  # Generic form of the ARN (the resource names in it are not defined in this script):
  # source_arn = "arn:aws:execute-api:${var.myregion}:${var.accountId}:${aws_api_gateway_rest_api.api.id}/*/${aws_api_gateway_method.method.http_method}${aws_api_gateway_resource.resource.path}"
  # Form used here: yyy is the region, xxx is the account id. Only one source_arn may be set.
  source_arn = "arn:aws:execute-api:yyy:xxx:${aws_api_gateway_rest_api.MyDemoAPI.id}/*/POST/tickets"
}
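
Added example (not from the original post or the Quora answer): a check over the output of `aws lambda get-policy` that confirms each API Gateway grant in the function's resource policy is scoped by a source ARN, as the `source_arn` in Solution 2 does. The account id, region, API id and the helper names `grant` and `get_policy_output` are constructed for illustration.

```python
import json

FN_ARN = "arn:aws:lambda:us-east-1:111122223333:function:demo_lambdaOne"  # placeholder account/region
API_ARN = "arn:aws:execute-api:us-east-1:111122223333:a1b2c3d4e5/*/POST/tickets"  # placeholder API id

def grant(sid, condition=None):
    """Build a statement shaped like the ones `aws lambda add-permission` creates."""
    stmt = {"Sid": sid, "Effect": "Allow", "Action": "lambda:InvokeFunction",
            "Principal": {"Service": "apigateway.amazonaws.com"}, "Resource": FN_ARN}
    if condition:
        stmt["Condition"] = condition
    return stmt

def get_policy_output(statements):
    """Mimic `aws lambda get-policy` output: "Policy" is a JSON-encoded string."""
    policy = {"Version": "2012-10-17", "Id": "default", "Statement": statements}
    return json.dumps({"Policy": json.dumps(policy), "RevisionId": "constructed"})

# Constructed sample: one grant scoped like Solution 2's source_arn, one with no condition.
SAMPLE = get_policy_output([
    grant("AllowExecutionFromAPIGateway", {"ArnLike": {"AWS:SourceArn": API_ARN}}),
    grant("UnscopedGrant"),
])

def audit_apigw_grants(get_policy_json):
    """Return (sid, finding) pairs for API Gateway invoke grants that are too broad."""
    policy = json.loads(json.loads(get_policy_json)["Policy"])
    findings = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        services = [services] if isinstance(services, str) else services
        if stmt.get("Effect") != "Allow" or "apigateway.amazonaws.com" not in services:
            continue
        arns = []
        for keys in stmt.get("Condition", {}).values():
            for key, value in keys.items():
                if key.lower() == "aws:sourcearn":
                    arns += value if isinstance(value, list) else [value]
        if not arns:  # any API Gateway API, in any account, can be wired to this function
            findings.append((stmt.get("Sid"), "no AWS:SourceArn condition"))
        for arn in arns:
            api_id = arn.split(":", 5)[-1].split("/")[0]  # "<api-id>/<stage>/<method>/<path>"
            if api_id in ("*", ""):
                findings.append((stmt.get("Sid"), "SourceArn matches every API: " + arn))
    return findings

if __name__ == "__main__":
    for sid, finding in audit_apigw_grants(SAMPLE):
        print(sid, "->", finding)
```
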
