Serverless s3 event listener
I have the following serverless.yml:

service: sl-hliq-cognitive-trigger
custom: ${file(env.yml)}
plugins:
  - serverless-plugin-existing-s3
provider:
  name: aws
  runtime: python3.6
  stage: ${self:custom.environment}
  deploymentBucket:
    name: ${self:custom.deploymentBucket}
    serverSideEncryption: AES256
  role:
    Fn::GetAtt: [ ServiceRole, Arn ]
  region: ${self:custom.region}
functions:
  lambda_trigger:
    name: ${self:service}-${self:custom.environment}
    description: Test lambda lambda_trigger
    handler: handler.lambda_handler
    tags:
      project: "hliq-cognitive-srv"
      owner: "hliq-cognitive-srv-state"
      environment: ${self:custom.environment}
    events:
      - existingS3:
          bucket: ${self:custom.listen_bucket_name}
          event: s3:ObjectCreated:*
          rules:
            - prefix: ${self:custom.listen_prefix_name}
package:
  artifact: package.zip
resources:
  Resources:
    ServiceRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: ${self:service}-${self:custom.environment}
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: ${self:service}-${self:custom.environment}
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - ec2:CreateNetworkInterface
                    - ec2:DescribeNetworkInterfaces
                    - ec2:DetachNetworkInterface
                    - ec2:DeleteNetworkInterface
                  Resource: "*"
                - Sid: "BucketAccess"
                  Effect: "Allow"
                  Action:
                    - "s3:Get*"
                    - "s3:List*"
                  Resource:
                    - "arn:aws:s3:::${self:custom.listen_bucket_name}"
                    - "arn:aws:s3:::${self:custom.listen_bucket_name}/${self:custom.listen_prefix_name}*"

In short, it is just a Lambda event for when an object is created in the bucket. I have gone to the S3 bucket and get the following error.
Unable to validate the following destination configurations. Not authorized to invoke function
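This leads me to believe I need to configure something on the S3 bucket side to allow my Lambda to be invoked. Is there a way to do this in Serverless?

Try adding the "s3:PutBucketNotification" permission.
Cheers,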
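
The check below is an added example, not part of the original question or answer: it evaluates the Allow statements of the ServiceRole policy from the question against the s3:PutBucketNotification action named in the answer, showing that "s3:Get*" and "s3:List*" do not cover it. The bucket and prefix names are constructed placeholders, the helper names are hypothetical, and Deny statements and Condition blocks are ignored as a simplification.

```python
import re

def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def allows(policy, action, resource):
    """True if some Allow statement covers (action, resource).
    Assumption: Deny, NotAction/NotResource and Condition are not evaluated."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names compare case-insensitively; resource ARNs do not.
        action_ok = any(_matches(a, action, ignore_case=True)
                        for a in _as_list(stmt.get("Action", [])))
        resource_ok = any(_matches(r, resource)
                          for r in _as_list(stmt.get("Resource", [])))
        if action_ok and resource_ok:
            return True
    return False

# Constructed stand-ins for ${self:custom.listen_bucket_name} / listen_prefix_name.
BUCKET_ARN = "arn:aws:s3:::example-listen-bucket"
PREFIX = "incoming/"

# The ServiceRole policy from the question, with the placeholders resolved.
QUESTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces",
                    "ec2:DetachNetworkInterface", "ec2:DeleteNetworkInterface"],
         "Resource": "*"},
        {"Sid": "BucketAccess", "Effect": "Allow",
         "Action": ["s3:Get*", "s3:List*"],
         "Resource": [BUCKET_ARN, f"{BUCKET_ARN}/{PREFIX}*"]},
    ],
}

def with_bucket_notification(policy):
    """Copy of the policy plus one statement scoped to the bucket ARN only."""
    extra = {"Sid": "BucketNotification", "Effect": "Allow",
             "Action": ["s3:PutBucketNotification"], "Resource": [BUCKET_ARN]}
    return {**policy, "Statement": policy["Statement"] + [extra]}

if __name__ == "__main__":
    for name, pol in [("question", QUESTION_POLICY),
                      ("amended", with_bucket_notification(QUESTION_POLICY))]:
        print(name, allows(pol, "s3:PutBucketNotification", BUCKET_ARN))
```

The amended statement is limited to the bucket ARN rather than "*", so the role cannot change notification settings on other buckets.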