Lambda template fails for SubnetIds and SecurityGroupIds
I have the following template in my SAM function:
Resources:
  TagChangedFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: tag_changed_function
      Handler: tag_changed/app.lambda_handler
      Runtime: python3.8
      Policies:
        - VPCAccessPolicy: {}
        - Statement:
            - Sid: EC2DescribeInstancesPolicy
              Effect: "Allow"
              Action:
                - ec2:DescribeInstances
              Resource: '*'
      VpcConfig:
        SubnetIds:
          - sg-061328bxxxxx
        SecurityGroupIds:
          - subnet-03afd77xxxxx
      Events:
        TagChanged:
          Type: CloudWatchEvent
          Properties:
            Pattern:
              source:
                - aws.tag
              detail-type:
                - Tag Change on Resource
(I masked the SubnetIds and SecurityGroupIds in the template with xxxxx.)
But when I build and try to upload my code to AWS, I get the following error message:
2 validation errors detected: Value
'[subnet-061328bxxxxx]' at
'vpcConfig.securityGroupIds' failed to satisfy
constraint: Member must satisfy constraint: [Member must
have length less than or equal to 1024, Member must have
length greater than or equal to 0, Member must satisfy
regular expression pattern: ^sg-[0-9a-z]*$]; Value
'[sg-03afd77xxxxx]' at 'vpcConfig.subnetIds' failed
to satisfy constraint: Member must satisfy constraint:
[Member must have length less than or equal to 1024,
Member must have length greater than or equal to 0,
Member must satisfy regular expression pattern:
^subnet-[0-9a-z]*$] (Service: AWSLambdaInternal; Status
Code: 400; Error Code: ValidationException; Request ID:
641be279-a48f-4249-b0a1-3e221f8bbdf
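(Again masked with xxxxxx.)
As far as I can tell, the regular expression constraints are satisfied. Does anyone see what is wrong with the template?
If I remove the VpcConfig section, it uploads fine.
You provided the sg ID in the subnet section and the subnet ID in the SG section. Try the following: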
Resources:
  TagChangedFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: tag_changed_function
      Handler: tag_changed/app.lambda_handler
      Runtime: python3.8
      Policies:
        - VPCAccessPolicy: {}
        - Statement:
            - Sid: EC2DescribeInstancesPolicy
              Effect: "Allow"
              Action:
                - ec2:DescribeInstances
              Resource: '*'
      VpcConfig:
        SubnetIds:
          - subnet-03afd77xxxxx
        SecurityGroupIds:
          - sg-061328bxxxxx
      Events:
        TagChanged:
          Type: CloudWatchEvent
          Properties:
            Pattern:
              source:
                - aws.tag
              detail-type:
                - Tag Change on Resource
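
An added example (not part of the original answer, and not AWS or SAM code): a pre-deploy check that applies the two patterns from the error message to each function's VpcConfig and reports IDs filed under the wrong key. It assumes the template has already been parsed into a dict; `check_vpc_config` and `SWAPPED` are hypothetical names.

```python
import re

# Patterns copied from the ValidationException text quoted in the question.
PATTERNS = {
    "SubnetIds": re.compile(r"^subnet-[0-9a-z]*$"),
    "SecurityGroupIds": re.compile(r"^sg-[0-9a-z]*$"),
}
FUNCTION_TYPES = {"AWS::Serverless::Function", "AWS::Lambda::Function"}


def check_vpc_config(template):
    """Return (resource, key, value, hint) tuples for IDs Lambda would reject."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") not in FUNCTION_TYPES:
            continue
        vpc = resource.get("Properties", {}).get("VpcConfig") or {}
        for key, pattern in PATTERNS.items():
            values = vpc.get(key, [])
            if not isinstance(values, list):
                continue  # e.g. a Ref to a list parameter; cannot be checked offline
            for value in values:
                if not isinstance(value, str):
                    continue  # intrinsic function such as {"Ref": ...}
                if pattern.match(value):
                    continue
                other = next(k for k in PATTERNS if k != key)
                swapped = PATTERNS[other].match(value)
                hint = f"belongs under {other}" if swapped else "unrecognised ID format"
                findings.append((name, key, value, hint))
    return findings


# Constructed sample: the VpcConfig from the question as a parsed template dict.
SWAPPED = {"Resources": {"TagChangedFunction": {
    "Type": "AWS::Serverless::Function",
    "Properties": {"VpcConfig": {
        "SubnetIds": ["sg-061328bxxxxx"],
        "SecurityGroupIds": ["subnet-03afd77xxxxx"],
    }},
}}}

if __name__ == "__main__":
    for name, key, value, hint in check_vpc_config(SWAPPED):
        print(f"{name}: VpcConfig.{key} has {value!r} ({hint})")
```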