aws batch:使用 lambda 提交作业
aws batch: submit job using lambda
上下文:AWS、S3、Lambda、Batch。
我有一个在 S3 存储桶中上传文件时触发的 lambda。我希望 lambda 提交批处理作业。
(编辑:S3 和 Lambda 之间一切正常。问题出在 Lambda 和 Batch 之间。)
Q: 作用是什么 我必须给lambda顺序能够提交批处理作业?
我的 lambda 得到 AccessDeniedException
并且在以下情况下无法提交作业:
const params = {
jobDefinition: BATCH_JOB_DEFINITION,
jobName: BATCH_JOB_NAME,
jobQueue: BATCH_JOB_QUEUE,
};
Batch.submitJob(params).promise() .then .......
您可以创建类似 AWS Batch Managed Policy
、
的策略
以下策略允许管理员访问,您可以根据需要进行修改:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"batch:*",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeKeyPairs",
"ecs:DescribeClusters",
"ecs:Describe*",
"ecs:List*",
"logs:Describe*",
"logs:Get*",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"iam:ListInstanceProfiles",
"iam:ListRoles"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": ["iam:PassRole"],
"Resource": [
"arn:aws:iam::*:role/AWSBatchServiceRole",
"arn:aws:iam::*:role/ecsInstanceRole",
"arn:aws:iam::*:role/iaws-ec2-spot-fleet-role",
"arn:aws:iam::*:role/aws-ec2-spot-fleet-role",
"arn:aws:iam::*:role/AWSBatchJobRole*"
]
}
]
}
将策略附加到 lambda 并重试,参考 AWS Documentation
看来这就是我要找的角色:batch:SubmitJob
。使用此角色,lambda 能够提交作业。
iamRoleStatements:
- Effect: Allow
Action:
- batch:SubmitJob
Resource: "arn:aws:batch:*:*:*"
上下文:AWS、S3、Lambda、Batch。
我有一个在 S3 存储桶中上传文件时触发的 lambda。我希望 lambda 提交批处理作业。
(编辑:S3 和 Lambda 之间一切正常。问题出在 Lambda 和 Batch 之间。)
Q: 作用是什么 我必须给lambda顺序能够提交批处理作业?
我的 lambda 得到 AccessDeniedException
并且在以下情况下无法提交作业:
const params = {
jobDefinition: BATCH_JOB_DEFINITION,
jobName: BATCH_JOB_NAME,
jobQueue: BATCH_JOB_QUEUE,
};
Batch.submitJob(params).promise() .then .......
您可以创建类似 AWS Batch Managed Policy
、
以下策略允许管理员访问,您可以根据需要进行修改:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"batch:*",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeKeyPairs",
"ecs:DescribeClusters",
"ecs:Describe*",
"ecs:List*",
"logs:Describe*",
"logs:Get*",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"iam:ListInstanceProfiles",
"iam:ListRoles"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": ["iam:PassRole"],
"Resource": [
"arn:aws:iam::*:role/AWSBatchServiceRole",
"arn:aws:iam::*:role/ecsInstanceRole",
"arn:aws:iam::*:role/iaws-ec2-spot-fleet-role",
"arn:aws:iam::*:role/aws-ec2-spot-fleet-role",
"arn:aws:iam::*:role/AWSBatchJobRole*"
]
}
]
}
将策略附加到 lambda 并重试,参考 AWS Documentation
看来这就是我要找的角色:batch:SubmitJob
。使用此角色,lambda 能够提交作业。
iamRoleStatements:
- Effect: Allow
Action:
- batch:SubmitJob
Resource: "arn:aws:batch:*:*:*"