AWS Cloudformation - Invocation of Lambda by Rule Event failed
Problem description
I tried to create a template in cloudformation, having a lambda function triggered by one cloudwatch event rule (every 10 minutes). In the cloudwatch graph, I can see the invocations but also all failed invocations. I believe it is a problem of role of the rule but I can't figure it out.
Here is my template that you can see in the cloudformation designer.
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Metadata": {
    "AWS::CloudFormation::Designer": {
      "d1498a15-7d12-4ec9-bba6-3ba163574a10": {
        "size": {
          "width": 60,
          "height": 60
        },
        "position": {
          "x": 450,
          "y": 90
        },
        "z": 1,
        "embeds": []
      },
      "afe4f2cd-0634-4114-8327-1ecf60933475": {
        "size": {
          "width": 60,
          "height": 60
        },
        "position": {
          "x": 310,
          "y": 90
        },
        "z": 1,
        "embeds": [],
        "isrelatedto": [
          "d1498a15-7d12-4ec9-bba6-3ba163574a10"
        ]
      },
      "c7843bb1-3134-44e7-9463-f9054118e52b": {
        "size": {
          "width": 60,
          "height": 60
        },
        "position": {
          "x": 150,
          "y": 90
        },
        "z": 1,
        "embeds": [],
        "isrelatedto": [
          "afe4f2cd-0634-4114-8327-1ecf60933475",
          "40b5efaf-5cdd-449e-9155-177461dd4d8e"
        ]
      },
      "ef4c0b58-6bb9-46c2-a4b4-64260aa2b35d": {
        "size": {
          "width": 60,
          "height": 60
        },
        "position": {
          "x": 310,
          "y": -30
        },
        "z": 1,
        "embeds": []
      },
      "40b5efaf-5cdd-449e-9155-177461dd4d8e": {
        "size": {
          "width": 60,
          "height": 60
        },
        "position": {
          "x": 310,
          "y": -40
        },
        "z": 0,
        "embeds": [],
        "isrelatedto": [
          "afe4f2cd-0634-4114-8327-1ecf60933475"
        ]
      }
    }
  },
  "Resources": {
    "IAMR3JNYX": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
        ],
        "Policies": [
          {
            "PolicyName": "s3BackupBucket",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:*"
                  ],
                  "Resource": {
                    "Fn::Join": [
                      "",
                      [
                        "*"
                      ]
                    ]
                  }
                },
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:*"
                  ],
                  "Resource": {
                    "Fn::Join": [
                      "",
                      [
                        "*"
                      ]
                    ]
                  }
                },
                {
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents"
                  ],
                  "Effect": "Allow",
                  "Resource": "arn:aws:logs:*:*:*"
                }
              ]
            }
          }
        ]
      },
      "Metadata": {
        "AWS::CloudFormation::Designer": {
          "id": "d1498a15-7d12-4ec9-bba6-3ba163574a10"
        }
      }
    },
    "ER1SCU1": {
      "Type": "AWS::Events::Rule",
      "Properties": {
        "Description": "launch the lambda function every 10min",
        "Name": "eachDay",
        "ScheduleExpression": "cron(0/10 * ? * * *)",
        "State": "ENABLED",
        "RoleArn": {
          "Fn::GetAtt": [
            "IAMR25JO4",
            "Arn"
          ]
        },
        "Targets": [
          {
            "Arn": {
              "Fn::GetAtt": [
                "CreateBackUp",
                "Arn"
              ]
            },
            "Id": "CreateBackUp"
          }
        ]
      },
      "Metadata": {
        "AWS::CloudFormation::Designer": {
          "id": "c7843bb1-3134-44e7-9463-f9054118e52b"
        }
      }
    },
    "CreateBackUp": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Handler": "index.handler",
        "Runtime": "nodejs4.3",
        "Timeout": "76",
        "Role": {
          "Fn::GetAtt": [
            "IAMR3JNYX",
            "Arn"
          ]
        },
        "Code": {
          "ZipFile": {
            "Fn::Join": [
              "",
              [
                "my function ..."
              ]
            ]
          }
        }
      },
      "Metadata": {
        "AWS::CloudFormation::Designer": {
          "id": "afe4f2cd-0634-4114-8327-1ecf60933475"
        }
      }
    },
    "IAMR25JO4": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": "events.amazonaws.com"
              },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
        ],
        "Policies": [
          {
            "PolicyName": "InvokeBackUpLambda",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "lambda:*"
                  ],
                  "Resource": {
                    "Fn::GetAtt": [
                      "CreateBackUp",
                      "Arn"
                    ]
                  }
                },
                {
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents"
                  ],
                  "Effect": "Allow",
                  "Resource": "arn:aws:logs:*:*:*"
                }
              ]
            }
          }
        ]
      },
      "Metadata": {
        "AWS::CloudFormation::Designer": {
          "id": "40b5efaf-5cdd-449e-9155-177461dd4d8e"
        }
      }
    }
  }
}
Recommended answer
It's a little late, but the basic issue here is that you're missing an entry for the AWS::Lambda::Permission. You need to create an entry that allows your event rule to invoke your lambda like so (I prefer yaml, but you get the idea):
LambdaInvokePermission:
  Type: "AWS::Lambda::Permission"
  Properties:
    FunctionName: !GetAtt
      - CreateBackUp
      - Arn
    Action: 'lambda:InvokeFunction'
    Principal: events.amazonaws.com
    SourceArn: !GetAtt
      - ER1SCU1
      - Arn
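A pre-deployment check for the gap described in the answer, as an added example that is not part of the original question or answer: it walks an already-parsed template and reports every AWS::Events::Rule whose Lambda target has no AWS::Lambda::Permission for events.amazonaws.com, or has one that is not tied to that rule through SourceArn. The function names and the trimmed sample templates are constructed for illustration; only the logical IDs come from the page.

```python
def _ref(value):
    """Logical ID named by {"Ref": X} or {"Fn::GetAtt": [X, "Arn"]}, else None."""
    if not isinstance(value, dict):
        return None
    att = value.get("Fn::GetAtt")
    if isinstance(att, str):            # "Resource.Arn" short form
        att = att.split(".")
    return value.get("Ref") or (att[0] if att else None)

def check_rule_permissions(template):
    """Return (rule, function, problem) tuples for rules that cannot safely invoke their Lambda."""
    res = template.get("Resources", {})
    perms = [r.get("Properties", {}) for r in res.values()
             if r.get("Type") == "AWS::Lambda::Permission"]
    findings = []
    for rule_id, rule in res.items():
        if rule.get("Type") != "AWS::Events::Rule":
            continue
        for target in rule.get("Properties", {}).get("Targets", []):
            fn_id = _ref(target.get("Arn"))
            if res.get(fn_id, {}).get("Type") != "AWS::Lambda::Function":
                continue                # target is not a Lambda defined in this template
            grants = [p for p in perms
                      if _ref(p.get("FunctionName")) == fn_id
                      and p.get("Principal") == "events.amazonaws.com"
                      and p.get("Action") == "lambda:InvokeFunction"]
            if not grants:
                findings.append((rule_id, fn_id, "missing AWS::Lambda::Permission"))
            elif not any(_ref(p.get("SourceArn")) == rule_id for p in grants):
                findings.append((rule_id, fn_id, "permission not scoped to this rule via SourceArn"))
    return findings

# Constructed sample: the question's rule and function, trimmed to the relevant keys.
QUESTION = {"Resources": {
    "CreateBackUp": {"Type": "AWS::Lambda::Function"},
    "ER1SCU1": {"Type": "AWS::Events::Rule", "Properties": {
        "Targets": [{"Arn": {"Fn::GetAtt": ["CreateBackUp", "Arn"]}, "Id": "CreateBackUp"}]}},
}}
# The answer's permission resource, expressed as the parsed equivalent of its YAML.
PERMISSION = {"Type": "AWS::Lambda::Permission", "Properties": {
    "FunctionName": {"Fn::GetAtt": ["CreateBackUp", "Arn"]},
    "Action": "lambda:InvokeFunction",
    "Principal": "events.amazonaws.com",
    "SourceArn": {"Fn::GetAtt": ["ER1SCU1", "Arn"]}}}
FIXED = {"Resources": {**QUESTION["Resources"], "LambdaInvokePermission": PERMISSION}}

if __name__ == "__main__":
    print(check_rule_permissions(QUESTION))   # one finding: missing permission
    print(check_rule_permissions(FIXED))      # no findings
```

For a JSON template such as the one in the question, pass the result of `json.load` to `check_rule_permissions`.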