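I have a question about the policy size of my JWT authorizer Lambda function, so I want to reduce the policy size by configuring the serverless.yml file to generate the policy with a wildcard (*). Can I set a global authorizer for all functions in serverless.yml?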

Here is an example of my resource-based policy:

 {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:ap-southeast-1-jwtAuthorizer",
      "Condition": {
        "ArnLike": {
          "AWS:SourceArn": "arn:aws:execute-api:ap-southeast-1-abcdefg123"
        }
      }
    },
    {
      "Sid": "2",
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:ap-southeast-1-jwtAuthorizer",
      "Condition": {
        "ArnLike": {
          "AWS:SourceArn": "arn:aws:execute-api:ap-southeast-1-abcdefg456"
        }
      }
    },

I want to change it like this:

{
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:ap-southeast-1-jwtAuthorizer",
      "Condition": {
        "ArnLike": {
          "AWS:SourceArn": "arn:aws:execute-api:ap-southeast-1-*"
        }
      }
    }

Example serverless.yml file. I set the authorizer on each function. I want to change it to a global one.

functions:
  searchByProvince:
    handler: handler.searchByProvince
    reservedConcurrency: 10
    events:
      - http:
          path: /
          method: get
          cors:
            origin: "*"
          authorizer:
            arn: arn:aws:lambda:${self:provider.region}:${self:custom.accountId}:jwtAuthorizer

  province:
    handler: handler.province
    reservedConcurrency: 10
    events:
      - http:
          path: /provinces
          method: get
          cors:
            origin: "*"
          authorizer:
            arn: arn:aws:lambda:${self:provider.region}:${self:custom.accountId}:-${self:provider.stage}-jwtAuthorizer

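An added example, not part of the original question and not Serverless Framework code: the Python below measures a resource-based policy shaped like the one above against Lambda's 20 KB policy limit, merges statements that differ only in `AWS:SourceArn` into one wildcard statement, and flags wildcards that are not pinned to a region and account. The account ID `123456789012`, the full ARN layout and all function names are assumptions, since the ARNs in the question are abbreviated.

```python
import json
from collections import defaultdict
LAMBDA_POLICY_LIMIT = 20 * 1024  # Lambda resource-based policy quota, in bytes

def sample_policy(api_ids):
    """Constructed sample: one statement per API; the account ID is a placeholder."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": str(i), "Effect": "Allow",
        "Principal": {"Service": "apigateway.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:ap-southeast-1:123456789012:function:jwtAuthorizer",
        "Condition": {"ArnLike": {"AWS:SourceArn":
            f"arn:aws:execute-api:ap-southeast-1:123456789012:{api}/*/GET/"}},
    } for i, api in enumerate(api_ids, 1)]}

def policy_size(policy):
    """Bytes used by the compact JSON form of the policy."""
    return len(json.dumps(policy, separators=(",", ":")).encode())

def source_arn(stmt):
    return stmt["Condition"]["ArnLike"]["AWS:SourceArn"]

def consolidate(policy):
    """Merge statements differing only in Sid and SourceArn (assumes ArnLike is the only condition)."""
    groups = defaultdict(list)
    for stmt in policy["Statement"]:
        rest = {k: v for k, v in stmt.items() if k not in ("Sid", "Condition")}
        groups[json.dumps(rest, sort_keys=True)].append(stmt)
    merged = []
    for n, stmts in enumerate(groups.values(), 1):
        # arn:aws:execute-api:<region>:<account>:<api-id>/<stage>/<method>/<path>
        scopes = {tuple(source_arn(s).split(":")[:5]) for s in stmts}
        if len(stmts) == 1 or len(scopes) != 1:
            merged.extend(stmts)  # single statement, or mixed region/account: keep as-is
            continue
        cond = {"ArnLike": {"AWS:SourceArn": ":".join(scopes.pop()) + ":*"}}  # wildcard the API part only
        merged.append({**stmts[0], "Sid": f"merged{n}", "Condition": cond})
    return {**policy, "Statement": merged}

def unscoped_wildcards(policy):
    """Sids whose SourceArn is not pinned to a concrete region and account."""
    def loose(arn):
        p = arn.split(":")
        return len(p) < 6 or not p[4] or "*" in p[3] or "*" in p[4]
    return [s["Sid"] for s in policy["Statement"] if loose(source_arn(s))]

if __name__ == "__main__":
    before = sample_policy([f"abcdefg{i:03d}" for i in range(100)])
    print(policy_size(before), "->", policy_size(consolidate(before)), "limit", LAMBDA_POLICY_LIMIT)
```

The merged pattern lets every API Gateway API in that account and region invoke the authorizer, which is the access a wildcard `SourceArn` grants in exchange for the smaller policy.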