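【Question title】: Lambda permission not being created when using cloudformation
【Posted】: 2022-01-25 03:55:39
【Question description】:

I am trying to create a simple infrastructure using cloudformation. I have to create a Rest API Gateway and a Lambda function. The function will be invoked using the API Gateway.

API Gateway > Lambda

The cloudformation code is below (I have not shown the code related to role creation or managed policies).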

    medtestFunction:
        Type: "AWS::Lambda::Function"
        Properties:
            Description: ""
            Environment: 
                Variables: 
                    APIID: !Ref medTestRestapi
                    SLACK_VERIFICATION_TOKEN:
                      Ref: SlackVerificationToken
                    SLACK_INCOMING_WEBHOOK_URL:
                      Ref: SlackIncomingWebhookURL
            FunctionName: "med-test2"
            Handler: "index.handler"
            Architectures: 
              - "x86_64"
            Code: 
                S3Bucket:
                  Ref: S3CodeBucket
                S3Key:
                  Ref: MedTestFunctionS3Key
            MemorySize: 128
            Role: !GetAtt medtestrole.Arn
            Runtime: "nodejs14.x"
            Timeout: 6
            TracingConfig: 
                Mode: "PassThrough"

    medTestRestapi:
        Type: "AWS::ApiGateway::RestApi"
        Properties:
            Name: "medtest2"
            Description: "medtest2"
            ApiKeySourceType: "HEADER"
            EndpointConfiguration: 
                Types: 

    medTestApiStage:
        Type: "AWS::ApiGateway::Stage"
        Properties:
            StageName: "a"
            DeploymentId: !Ref medTestApiDeployment
            RestApiId: !Ref medTestRestapi
            Description: "a"
            CacheClusterEnabled: false
            TracingEnabled: false

    medTestApiMethod:
        DependsOn: medtestFunction
        Type: "AWS::ApiGateway::Method"
        Properties:
            RestApiId: !Ref medTestRestapi
            ResourceId: !GetAtt medTestRestapi.RootResourceId
            HttpMethod: "POST"
            AuthorizationType: "NONE"
            ApiKeyRequired: false
            RequestParameters: {}
            MethodResponses: 
              - 
                ResponseModels: 
                    "application/json": "Empty"
                StatusCode: "200"
            Integration:
                ContentHandling: "CONVERT_TO_TEXT"
                IntegrationHttpMethod: "POST"
                IntegrationResponses: 
                  - 
                    ResponseTemplates: {}
                    StatusCode: "200"
                PassthroughBehavior: "WHEN_NO_MATCH"
                TimeoutInMillis: 29000
                Type: "AWS_PROXY"
                Uri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:med-test2/invocations"


    medTestApiDeployment:
        DependsOn: medTestApiMethod
        Type: "AWS::ApiGateway::Deployment"
        Properties:
            RestApiId: !Ref medTestRestapi
            Description: "a"

    medTestFunctionPermission:
        DependsOn: [medTestApiDeployment, medTestApiMethod]
        Type: "AWS::Lambda::Permission"
        Properties:
            Action: "lambda:InvokeFunction"
            FunctionName: !GetAtt medtestFunction.Arn
            Principal: "apigateway.amazonaws.com"
            SourceArn: !Join [ ":", ["arn:aws:execute-api", !Ref AWS::Region, !Ref AWS::AccountId, !Ref medTestRestapi, "/*/POST/" ] ]

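After creating the stack, when I check the function it says

The API with ID : could not be found.

But when I manually add the trigger using the console on top of the created stack, it works. Any idea what I am doing wrong? Thanks

【Question discussion】:

    Tags: amazon-web-services aws-lambda amazon-cloudformation aws-api-gateway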


    【Solution 1】:

    There is one colon too many in the SourceArn of medTestFunctionPermission, the one after the API Gateway ID.

    You have: arn:aws:execute-api:eu-west-1:<accountId>:<apiGWId>:/*/POST/

    It should be: arn:aws:execute-api:eu-west-1:<accountId>:<apiGWId>/*/POST/

    You can use !Sub instead of !Join. It is easier to read:

    SourceArn: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${medTestRestapi}/*/POST/
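
The check below is an added example, not part of the original answer: it reproduces how the question's `!Join` builds the ARN, and validates an execute-api `SourceArn` before a template is deployed. The function names, the account ID and the API ID are constructed for illustration; the wildcard-API warning goes slightly beyond the case discussed above.

```python
import re

# Resource part of an execute-api ARN: api-id/stage/METHOD/resource-path
_RESOURCE = re.compile(
    r"^(?P<api>[a-z0-9]+|\*)/(?P<stage>[^/]+)/(?P<method>[A-Z]+|\*)(?P<path>/.*)?$"
)

def join_like_question(region, account, api_id):
    # Mirrors !Join [":", [..., !Ref medTestRestapi, "/*/POST/"]] from the question:
    # the delimiter is also placed between the API id and the path.
    return ":".join(["arn:aws:execute-api", region, account, api_id, "/*/POST/"])

def sub_like_answer(region, account, api_id):
    # Mirrors the !Sub form from the answer.
    return f"arn:aws:execute-api:{region}:{account}:{api_id}/*/POST/"

def check_source_arn(arn):
    """Return a list of problems in an execute-api SourceArn (empty list = OK)."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return ["not an ARN with six colon-separated fields"]
    service, account, resource = parts[2], parts[4], parts[5]
    problems = []
    if service != "execute-api":
        problems.append(f"service is {service!r}, expected 'execute-api'")
    if not re.fullmatch(r"\d{12}", account):
        problems.append("account id is not 12 digits")
    if ":" in resource:
        problems.append("colon after the API id; it must be followed by '/'")
        return problems
    match = _RESOURCE.match(resource)
    if not match:
        problems.append("resource part is not api-id/stage/METHOD/path")
    elif match["api"] == "*":
        # Least-privilege note: this lets every API in the account invoke the function.
        problems.append("API id is a wildcard; scope the permission to one API")
    return problems

if __name__ == "__main__":
    # Constructed sample values (not real identifiers).
    args = ("eu-west-1", "123456789012", "a1b2c3d4e5")
    for build in (join_like_question, sub_like_answer):
        arn = build(*args)
        print(arn, "->", check_source_arn(arn) or "OK")
```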
    
