現在、ラムダ関数のアクセス許可を宣言するためのショートカットはありません。そのARNに基づいて権限を与える必要があります。
下記は動作例です。
serverless.yml
service: test-invoke-function
provider:
name: aws
runtime: nodejs6.10
region: us-east-1
stage: dev
environment:
AWS_ACCOUNT: 1234567890 # use your own AWS ACCOUNT number here
# define the ARN of the function that you want to invoke
FUNCTION_ARN: "arn:aws:lambda:${self:provider.region}:${self:provider.environment.AWS_ACCOUNT}:function:${self:service}-${self:provider.stage}-lambdaTwo"
functions:
# lambdaOne will invoke lambdaTwo
lambdaOne:
handler: handler.lambdaOne
role: functionPermission # we'll define later in this file
lambdaTwo:
handler: handler.lambdaTwo
# define the IAM permissions of our Lambda function
resources:
Resources:
functionPermission:
Type: AWS::IAM::Role
Properties:
RoleName: functionPermission
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: functionPermission
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: "Allow"
Action:
- "lambda:InvokeFunction"
Resource: "${self:provider.environment.FUNCTION_ARN}"
handler.js
const AWS = require('aws-sdk');
module.exports.lambdaOne = (event, context, callback) => {
const lambda = new AWS.Lambda();
const params = {
FunctionName: process.env.FUNCTION_ARN,
Payload: JSON.stringify({ message: 'lambdaOne invoking lambdaTwo' })
};
// invoke lambdaTwo
lambda.invoke(params, (err, data) => {
if (err) {
callback(err, null);
return;
}
const response = {
statusCode: 200,
body: JSON.stringify({
message: 'lambdaOne result',
result: data
})
};
callback(null, response);
});
};
module.exports.lambdaTwo = (event, context, callback) => {
const response = {
statusCode: 200,
body: JSON.stringify({
message: 'lambdaTwo result',
data: event
})
};
callback(null, response);
};
ああ、bonisimo!これは非常に便利です。ありがとう! –