【Question title】: Terraform - Multiple aws_s3_bucket_notification triggers on the same bucket
【Posted】: 2020-06-15 13:35:06
【Question description】:

I need to create a trigger for an S3 bucket. We use the following to create the trigger:

resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = var.aws_s3_bucket_id

  lambda_function {
    lambda_function_arn = var.lambda_function_arn
    events              = ["s3:ObjectCreated:Put"]
    filter_prefix       = var.filter_prefix
    filter_suffix       = var.filter_suffix
  }
}

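This works fine when the bucket has no triggers, which is the case in every environment except production. When we deployed to production, we saw that the trigger already present on the bucket had been removed. We need both triggers. I can add another trigger manually, for example a PUT event trigger with just a different prefix, but when I do it from Terraform the previous one always gets removed. Is there something I'm missing?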

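【Question discussion】:

    Tags: amazon-web-services amazon-s3 terraform terraform-provider-aws


    【Solution 1】:

    The aws_s3_bucket_notification resource documentation mentions this at the top:

    Note: S3 buckets only support a single notification configuration. Declaring multiple aws_s3_bucket_notification resources for the same S3 bucket will cause a perpetual difference in configuration. See the example "Trigger multiple Lambda functions" for an option.

    Their example shows how to do this by adding multiple lambda_function blocks in the aws_s3_bucket_notification resource: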

    resource "aws_iam_role" "iam_for_lambda" {
      name = "iam_for_lambda"
    
      assume_role_policy = <<EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Principal": {
            "Service": "lambda.amazonaws.com"
          },
          "Effect": "Allow"
        }
      ]
    }
    EOF
    }
    
    resource "aws_lambda_permission" "allow_bucket1" {
      statement_id  = "AllowExecutionFromS3Bucket1"
      action        = "lambda:InvokeFunction"
      function_name = "${aws_lambda_function.func1.arn}"
      principal     = "s3.amazonaws.com"
      source_arn    = "${aws_s3_bucket.bucket.arn}"
    }
    
    resource "aws_lambda_function" "func1" {
      filename      = "your-function1.zip"
      function_name = "example_lambda_name1"
      role          = "${aws_iam_role.iam_for_lambda.arn}"
      handler       = "exports.example"
      runtime       = "go1.x"
    }
    
    resource "aws_lambda_permission" "allow_bucket2" {
      statement_id  = "AllowExecutionFromS3Bucket2"
      action        = "lambda:InvokeFunction"
      function_name = "${aws_lambda_function.func2.arn}"
      principal     = "s3.amazonaws.com"
      source_arn    = "${aws_s3_bucket.bucket.arn}"
    }
    
    resource "aws_lambda_function" "func2" {
      filename      = "your-function2.zip"
      function_name = "example_lambda_name2"
      role          = "${aws_iam_role.iam_for_lambda.arn}"
      handler       = "exports.example"
      # A zip-packaged function needs a runtime, as func1 has.
      runtime       = "go1.x"
    }
    
    resource "aws_s3_bucket" "bucket" {
      bucket = "your_bucket_name"
    }
    
    resource "aws_s3_bucket_notification" "bucket_notification" {
      bucket = "${aws_s3_bucket.bucket.id}"
    
      lambda_function {
        lambda_function_arn = "${aws_lambda_function.func1.arn}"
        events              = ["s3:ObjectCreated:*"]
        filter_prefix       = "AWSLogs/"
        filter_suffix       = ".log"
      }
    
      lambda_function {
        lambda_function_arn = "${aws_lambda_function.func2.arn}"
        events              = ["s3:ObjectCreated:*"]
        filter_prefix       = "OtherLogs/"
        filter_suffix       = ".log"
      }
    }
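
Because a second aws_s3_bucket_notification resource on the same bucket replaces the first one's configuration, a pre-apply check can flag the collision before production triggers disappear. The following is an added example, not part of the original answer or the provider documentation: it scans the `resource_changes` of one or more `terraform show -json` plan documents and reports buckets claimed by more than one notification resource. The stack labels, bucket names and resource addresses in the sample are constructed.

```python
import json
import sys
from collections import defaultdict

T = "aws_s3_bucket_notification"

def find_notification_conflicts(plans):
    """Take {label: parsed plan JSON}; return (conflicts, unresolved).
    conflicts: {bucket: [addresses]} where 2+ resources claim the same bucket.
    unresolved: addresses whose bucket is only known after apply."""
    owners, unresolved = defaultdict(list), []
    for label, plan in plans.items():
        for rc in plan.get("resource_changes", []):
            if rc.get("type") != T:
                continue
            after = rc.get("change", {}).get("after")
            if after is None:  # resource is being destroyed
                continue
            name = f"{label}:{rc['address']}"
            if after.get("bucket"):
                owners[after["bucket"]].append(name)
            else:  # values unknown at plan time are omitted from "after"
                unresolved.append(name)
    conflicts = {b: sorted(a) for b, a in owners.items() if len(a) > 1}
    return conflicts, unresolved

# Constructed sample: trimmed plan JSON for two hypothetical stacks.
SAMPLE_PLANS = {
    "ingest": {"resource_changes": [
        {"address": T + ".bucket_notification", "type": T,
         "change": {"actions": ["create"], "after": {"bucket": "example-prod-logs"}}},
    ]},
    "audit": {"resource_changes": [
        {"address": "module.audit." + T + ".this", "type": T,
         "change": {"actions": ["no-op"], "after": {"bucket": "example-prod-logs"}}},
        {"address": T + ".old", "type": T,
         "change": {"actions": ["delete"], "after": None}},
        {"address": T + ".new_bucket", "type": T,
         "change": {"actions": ["create"], "after": {}}},
    ]},
}

if __name__ == "__main__":
    # Plan JSON files as arguments; with none, the constructed sample is used.
    plans = {p: json.load(open(p)) for p in sys.argv[1:]} or SAMPLE_PLANS
    conflicts, unresolved = find_notification_conflicts(plans)
    for bucket, addrs in conflicts.items():
        print(f"CONFLICT {bucket}: {', '.join(addrs)}")
    print("UNRESOLVED:", unresolved)
    sys.exit(1 if conflicts else 0)
```

A trigger that was added to the bucket outside Terraform appears in no plan, so this check cannot see it; it has to be declared as a lambda_function block in the single notification resource.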
    
