Amazon web services 是否可以在不同的帐户中调用lambda？

我在一个账户上有一个lambda，并附上此保单：

{
  "Sid": "Id-123",
  "Effect": "Allow",
  "Principal": { "AWS": "arn:aws:iam::115333656057:root"},
  "Action": "lambda:InvokeFunction",
  "Resource": "arn:aws:lambda:eu-central-1:260143830488:function:CentralInstanceScheduler-InstanceSchedulerMain"
}

当我从帐户115333656057创建堆栈时，我的用户试图执行lambda，我得到了以下错误：

  User: arn:aws:iam::115333656057:user/uguesm is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:eu-central-1:260143830488:function:CentralizedInstanceScheduler-InstanceSchedulerMain

---

我做错了什么？

在帐户260143830488中-编辑您的角色，将策略添加到InvokeFunction，并为另一个帐户添加信任策略

权限：

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:eu-central-1:260143830488:function:CentralInstanceScheduler-InstanceSchedulerMain"
    },
  ]
}

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "arn:aws:iam::260143830488:role/<RoleName>"
  }
}

信任关系策略：

{
  "Sid": "Id-123",
  "Effect": "Allow",
  "Principal": { "AWS": "arn:aws:iam::115333656057:role/<lambda-role>"},
  "Action": "sts:AssumeRole",
}

---

我创建了所有描述的资源，但省略了一些细节。lambda函数由aws CustomResource

“Resources”：{“OfficehoursSwitzerland”：{“Type”：“Custom:：ServiceInstanceSchedule”，“Properties”：{“ServiceToken”：“arn:aws:lambda:eu-central-1:260143830488:function:CentralInstanceScheduler”上的CloudFormation从帐户115333656057触发，

我似乎无法像通常将InstanceProfile分配给ec2实例那样为该资源分配正确的角色…我猜您在创建堆栈时没有设置角色？您确定在创建堆栈时传递角色吗？

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Principal": {"Service": "lambda.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }
}