SubnetIds 和 SecurityGroupIds 的 Lambda 模板失败

Lambda template fails for SubnetIds and SecurityGroupIds

我的 sam 函数中有以下模板:

Resources:
  TagChangedFunction:
    Type: AWS::Serverless::Function
      Properties:
        CodeUri: tag_changed_function
        Handler: tag_changed/app.lambda_handler
        Runtime: python3.8
        Policies:
        - VPCAccessPolicy: {}
        - Statement:
          - Sid: EC2DescribeInstancesPolicy
            Effect: "Allow"
            Action:
            - ec2:DescribeInstances
            Resource: '*'
        VpcConfig:
          SubnetIds:
            - sg-061328bxxxxx
          SecurityGroupIds:
            - subnet-03afd77xxxxx
        Events:
          TagChanged:
            Type: CloudWatchEvent
            Properties:
              Pattern:
                source:
                  - aws.tag
                detail-type:
                  - Tag Change on Resource

(我用 xxxxx 屏蔽了模板中的 SubnetIdsSecurityGroupIds)。

但是当我构建并尝试将我的代码上传到 aws 时,我收到以下错误消息:

2 validation errors detected: Value
'[subnet-061328bxxxxx]' at
'vpcConfig.securityGroupIds' failed to satisfy
constraint: Member must satisfy constraint: [Member must
have length less than or equal to 1024, Member must have
length greater than or equal to 0, Member must satisfy
regular expression pattern: ^sg-[0-9a-z]*$]; Value
'[sg-03afd77xxxxx]' at 'vpcConfig.subnetIds' failed
to satisfy constraint: Member must satisfy constraint:
[Member must have length less than or equal to 1024,
Member must have length greater than or equal to 0,
Member must satisfy regular expression pattern:
^subnet-[0-9a-z]*$] (Service: AWSLambdaInternal; Status
Code: 400; Error Code: ValidationException; Request ID:
641be279-a48f-4249-b0a1-3e221f8bbdf

(再次用 xxxxxx 屏蔽)

据我所知,正则表达式约束得到满足。有人看到模板有什么问题吗?

如果我删除 VpcConfig 部分,它可以正常上传。

您在子网部分提供了 sg ID,在 SG 部分提供了子网 ID。请尝试以下

Resources:
  TagChangedFunction:
    Type: AWS::Serverless::Function
      Properties:
        CodeUri: tag_changed_function
        Handler: tag_changed/app.lambda_handler
        Runtime: python3.8
        Policies:
        - VPCAccessPolicy: {}
        - Statement:
          - Sid: EC2DescribeInstancesPolicy
            Effect: "Allow"
            Action:
            - ec2:DescribeInstances
            Resource: '*'
        VpcConfig:
          SubnetIds:
            - subnet-03afd77xxxxx
          SecurityGroupIds:
            - sg-061328bxxxxx
        Events:
          TagChanged:
            Type: CloudWatchEvent
            Properties:
              Pattern:
                source:
                  - aws.tag
                detail-type:
                  - Tag Change on Resource