<p>The Lambda (account A) has been assigned an IAM role (RoleA). Step Functions (account B) has been assigned an IAM role (RoleB).</p>
<h3>Permissions</h3>
<ol>
<li><p>The Lambda's IAM role (RoleA) should have permission to assume that role in account B</p>
<pre><code>{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "*"
}
]
}
</code></pre>
</li>
<li><p>The Step Functions IAM role (RoleB) should have a trust policy that allows the Lambda's IAM role to assume it. In the trust policy below, <code>123456789012</code> is the account number of account A</p>
<pre><code>{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::123456789012:root"
]
},
"Action": "sts:AssumeRole"
}
]
}
</code></pre>
</li>
</ol>
<h3>Inside the Lambda</h3>
<ol>
<li><p>The Lambda should contain code that assumes the role (RoleB) in account B and obtains temporary credentials</p>
</li>
<li><p>Using those credentials, the Lambda should call the Step Function</p>
</li>
</ol>
<p><a href="https://aws.amazon.com/premiumsupport/knowledge-center/lambda-function-assume-iam-role/" rel="nofollow noreferrer">How to assume an IAM role in a different account from lambda</a></p>
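<p>The two steps in the answer above (assume RoleB with STS, then call Step Functions with the returned temporary credentials) as a worked Lambda handler. This is an added example, not code from the answer or from AWS: the role ARN, state machine ARN, account number <code>210987654321</code> and region are placeholders, and the <code>FakeSTS</code>/<code>FakeSFN</code> classes are constructed stand-ins so the flow can be run offline without boto3 or real credentials.</p>

```python
"""Cross-account Step Functions call from Lambda: assume RoleB in account B,
then start an execution with the temporary credentials.

Added example, not the original answer's code. ARNs, account number and
region are assumptions; the Fake* clients exist only to run the flow offline.
"""
import json
import os
import uuid

# Assumed values: replace with the real ARNs, or set the environment variables.
ROLE_B_ARN = os.environ.get("ROLE_B_ARN", "arn:aws:iam::210987654321:role/RoleB")
STATE_MACHINE_ARN = os.environ.get(
    "STATE_MACHINE_ARN",
    "arn:aws:states:us-east-1:210987654321:stateMachine:ExampleStateMachine")
REGION = os.environ.get("AWS_REGION", "us-east-1")


def assume_role(sts_client, role_arn, session_name, duration_seconds=900):
    """Step 1: STS AssumeRole. Returns the temporary credentials as the keyword
    arguments boto3.client() accepts. 900 s is the STS minimum and is enough
    for one StartExecution call."""
    resp = sts_client.assume_role(
        RoleArn=role_arn, RoleSessionName=session_name,
        DurationSeconds=duration_seconds)
    creds = resp["Credentials"]
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],  # mandatory for temp keys
    }


def start_execution(sfn_client, state_machine_arn, payload, execution_name):
    """Step 2: StartExecution through a client built from the temp credentials."""
    resp = sfn_client.start_execution(
        stateMachineArn=state_machine_arn,
        name=execution_name,            # must be unique per state machine
        input=json.dumps(payload))
    return resp["executionArn"]


def run(event, sts_client, sfn_client_factory, execution_name=None):
    """Whole flow; the clients are injected so the logic runs without AWS."""
    creds = assume_role(sts_client, ROLE_B_ARN, "lambda-accountA-to-RoleB")
    sfn = sfn_client_factory(region_name=REGION, **creds)
    name = execution_name or "lambda-" + uuid.uuid4().hex
    return start_execution(sfn, STATE_MACHINE_ARN, event, name)


def lambda_handler(event, context):
    """Real entry point for the Lambda in account A (boto3 is in the runtime)."""
    import boto3  # imported here so the offline demo below needs no boto3
    sts = boto3.client("sts")

    def sfn_factory(**kwargs):
        return boto3.client("stepfunctions", **kwargs)

    return {"executionArn": run(event, sts, sfn_factory)}


# Constructed fake clients (not AWS) so the flow can be exercised offline.
class FakeSTS:
    def __init__(self):
        self.calls = []

    def assume_role(self, **kwargs):
        self.calls.append(kwargs)
        return {"Credentials": {"AccessKeyId": "ASIAFAKEACCESSKEY",
                                "SecretAccessKey": "fake-secret",
                                "SessionToken": "fake-session-token"}}


class FakeSFN:
    def __init__(self, **kwargs):
        self.kwargs = kwargs          # records which credentials were used
        self.calls = []

    def start_execution(self, **kwargs):
        self.calls.append(kwargs)
        base = kwargs["stateMachineArn"].replace(":stateMachine:", ":execution:")
        return {"executionArn": base + ":" + kwargs["name"]}


def demo():
    """Run the flow against the fakes and report what was observed."""
    sts, created = FakeSTS(), []

    def factory(**kwargs):
        created.append(FakeSFN(**kwargs))
        return created[-1]

    arn = run({"order_id": 42}, sts, factory, execution_name="demo-1")
    return {"execution_arn": arn,
            "assumed_role": sts.calls[0]["RoleArn"],
            "sfn_session_token": created[0].kwargs.get("aws_session_token"),
            "input": json.loads(created[0].calls[0]["input"])}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

<p>Deploy <code>lambda_handler</code> with RoleA attached; the STS call runs under RoleA's own credentials, and only the Step Functions client is built from RoleB's temporary keys (the session token must be passed along with the key pair). Because the trust policy in the answer names <code>arn:aws:iam::123456789012:root</code>, any principal in account A whose IAM policy grants <code>sts:AssumeRole</code> can assume RoleB, so what limits the caller is the <code>Resource</code> of that AssumeRole statement; RoleB itself only needs <code>states:StartExecution</code> on the target state machine.</p>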