(AccessDeniedException) when calling ListFunctions

Problem description

Based on this helpful page (https://vipmunot.medium.com/how-to-remove-older-versions-of-lambda-a4415f11a2da), I created a Lambda script to clean up old versions:

Description: Lambda function that cleans up old Lambda function versions
Resources:
  LambdaFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: AWSLambdaFullAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: '*'

  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.6
      Timeout: 5
      Handler: index.handler
      Role: !GetAtt LambdaFunctionRole.Arn
      Code:
        ZipFile:
          !Sub
          - |-
            #!/usr/bin/env python3

            import json
            import boto3
            from collections import Counter
            def handler(event, context):  # name must match Handler: index.handler
                client = boto3.client('lambda')
                response = client.list_functions(FunctionVersion='ALL')  # first page only, no pagination
                # Count how many versions each function has
                d = dict(Counter([x['FunctionName'] for x in response['Functions']]))
                print(json.dumps(d, indent=2))
                for key, value in d.items():
                    if value > 5:
                        print(key, '->', value)
                        # Map each published version's ARN to its LastModified timestamp
                        a = {}
                        for x in response['Functions']:
                            if x['FunctionName'] == key and x['Version'] != '$LATEST':
                                #print(x['FunctionArn'],x['LastModified'])
                                a[x['FunctionArn']] = x['LastModified']
                        # Sort oldest first
                        listofTuples = sorted(a.items(), key=lambda x: x[1])
                        print(a)
                        print(json.dumps(listofTuples))
                        if len(listofTuples) > 5:
                            # Everything except the five newest versions
                            for elem in listofTuples[0:len(listofTuples)-5]:
                                # Deletion is commented out (dry run), so 'response' printed
                                # below is still the list_functions result
                                #response = client.delete_function(FunctionName=elem[0])
                                print("FunctionArn", elem[0], "Deleted response", response, sep="->")
          - lambda_function_role_arn: !Ref LambdaFunctionRole



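So far I have only tried running this with a root user account that has the AdministratorAccess policy attached, but I get the following error. Which permissions/policies do I need to add?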

[ERROR] ClientError: An error occurred (AccessDeniedException) when calling the ListFunctions operation: User: arn:aws:sts::148500871082:assumed-role/my-simple-lambda-function-stack-LambdaFunctionRole-1UD0AWLM5NBYP/my-simple-lambda-function-stack-LambdaFunction-4DFB3KPDMIUL is not authorized to perform: lambda:ListFunctions on resource: *
Traceback (most recent call last):
  File "/var/task/index.py",line 8,in handler
    response = client.list_functions(FunctionVersion='ALL')
  File "/var/runtime/botocore/client.py",line 357,in _api_call
    return self._make_api_call(operation_name,kwargs)
  File "/var/runtime/botocore/client.py",line 676,in _make_api_call
    raise error_class(parsed_response,operation_name)
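
The ARN in the error is an `assumed-role` session of `LambdaFunctionRole`, so the call is authorized against that role's inline policy, which grants only three CloudWatch Logs actions. As an added example that is not part of the original post, this Python check parses the error, evaluates the role policy from the template and builds the statements the cleanup script is missing. Assumptions: the Allow-only policy evaluation is simplified, and the function ARN pattern is constructed from the account ID in the error.

```python
import re
from fnmatch import fnmatchcase

# Error text copied from the question above.
ERROR = ("User: arn:aws:sts::148500871082:assumed-role/"
         "my-simple-lambda-function-stack-LambdaFunctionRole-1UD0AWLM5NBYP/"
         "my-simple-lambda-function-stack-LambdaFunction-4DFB3KPDMIUL "
         "is not authorized to perform: lambda:ListFunctions on resource: *")

# Inline policy of LambdaFunctionRole, as written in the template above.
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]}]}

# Actions the script calls, mapped to the resource each is granted on.
# Assumption: the function ARN pattern is constructed from the account ID in the error.
NEEDED = {"lambda:ListFunctions": "*",  # no resource-level permissions for this action
          "lambda:DeleteFunction": "arn:aws:lambda:*:148500871082:function:*"}

def parse_denial(message):
    """Return (principal ARN, denied action, resource) from an AccessDenied message."""
    m = re.search(r"User: (\S+) is not authorized to perform: (\S+) on resource: (\S+)",
                  message)
    if m is None:
        raise ValueError("not an AccessDenied message")
    return m.groups()

def assumed_role(principal_arn):
    """Role name if the caller is a role session (e.g. a Lambda execution role)."""
    m = re.match(r"arn:aws:sts::\d+:assumed-role/([^/]+)/", principal_arn)
    return m.group(1) if m else None

def is_allowed(policy, action):
    """Assumption: only Allow statements and their Action patterns are evaluated;
    Deny, Resource and Condition are ignored."""
    for stmt in policy["Statement"]:
        acts = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if stmt["Effect"] == "Allow" and any(
                fnmatchcase(action.lower(), a.lower()) for a in acts):
            return True
    return False

def missing_actions(policy, needed):
    return [a for a in needed if not is_allowed(policy, a)]

def patched(policy, needed):
    """Copy of the policy with one Allow statement per missing action."""
    extra = [{"Effect": "Allow", "Action": [a], "Resource": needed[a]}
             for a in missing_actions(policy, needed)]
    return {**policy, "Statement": policy["Statement"] + extra}
```

The statements returned by `patched(ROLE_POLICY, NEEDED)` belong under the role's `Policies` entry; they cover the listing call and the currently commented-out `delete_function`.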


Solution

No effective solution to this problem has been found yet; the editor is still searching and compiling one!
