Я создал бессерверный API и Lambda-функцию, как показано ниже. Есть ли способ ограничить доступ к Lambda-функции так, чтобы вызывать её могли только пользователи из группы AdminGroup пула пользователей?
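Parameters:
  ApplicationName:
    Type: String
    Default: MyApp
    Description: Application Name

Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      Name: My Api Gateway
      Auth:
        Authorizers:
          # A Cognito authorizer only verifies that the bearer token was issued by
          # this user pool and is still valid; it does NOT check group membership.
          # To limit a route to AdminGroup, either inspect the token's
          # cognito:groups claim inside the function (reject and log requests
          # without the group) or put a Lambda authorizer in front of the route
          # that makes that decision before the function is invoked.
          # The API Gateway authorizer name is taken from this key (CognitoAuth);
          # SAM's Cognito authorizer has no Name/UserPool/RequestHeader properties.
          CognitoAuth:
            UserPoolArn: !GetAtt UserPool.Arn
            Identity:
              Header: Authorization

  UserPool:
    Type: AWS::Cognito::UserPool
    # UserPoolName belongs under Properties; at resource level it is rejected.
    Properties:
      UserPoolName: !Ref ApplicationName

  UserPoolWebClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      UserPoolId: !Ref UserPool
      ClientName: !Join ['-', [!Ref ApplicationName, "WebApp"]]
      # No client secret: intended for a browser app that cannot keep one.
      GenerateSecret: false

  AdminGroup:
    Type: AWS::Cognito::UserPoolGroup
    Properties:
      Description: Admin User Group
      GroupName: !Join ['-', [!Ref ApplicationName, "AdminGroup"]]
      # Lowest precedence value wins when a user is in several groups.
      Precedence: 0
      UserPoolId: !Ref UserPool

  AddProductFunction:
    Type: AWS::Serverless::Function
    # ProductsTable is not defined in this excerpt; it must exist elsewhere in
    # the template or deployment will fail.
    DependsOn: ProductsTable
    Properties:
      CodeUri: lambda/
      Handler: app.createProduct
      # nodejs10.x has reached end of support in Lambda; use a currently
      # supported Node.js runtime before deploying.
      Runtime: nodejs10.x
      Events:
        CreateProduct:
          Type: Api
          Properties:
            Path: /product/create
            Method: post
            RestApiId: !Ref MyApi
            # Requires a valid user-pool token; group membership must still be
            # enforced in the handler or by a Lambda authorizer (see MyApi).
            Auth:
              Authorizer: CognitoAuth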