Serverless 添加假定角色以允许 cloudwatch 调用 lambda
Serverless add assumed role to allow cloudwatch to call lambda
我试图让 cloudwatch 在 serverless.yml 中执行 lambda 函数。我可以通过 CLI 执行此操作。我怎样才能在 serverless.yml 内做到这一点?
CLI 命令from here:
aws lambda add-permission --function-name XXX --statement-id MyId --action 'lambda:InvokeFunction' --principal events.amazonaws.com --source-arn arn:aws:events:us-east-1:1232132323:rule/XXXX
我尝试了 from here,但立即出现部署错误:
functions:
generateFile:
handler: api/handler.generateFile
tags:
LiveOrTest: test
# to allow cloudwatch to invoke lambdas
resources:
Resources:
cleanLambdaPermission:
Type: AWS::Lambda::Permission
Properties:
FunctionName:
"Fn::GetAtt": [cleanLambdaFunction, Arn]
Action: "lambda:InvokeFunction"
Principal: "events.amazonaws.com"
SourceArn: "*"
您的 AWS::Lambda::Permission 中唯一明显的问题是 ARN 不正确:
SourceArn: "*"
您不能将 * 作为 ARN,而应该是:
SourceArn: "arn:aws:events:us-east-1:1232132323:rule/XXXX"
或者,您可以 删除 整个 SourceArn 属性.
我试图让 cloudwatch 在 serverless.yml 中执行 lambda 函数。我可以通过 CLI 执行此操作。我怎样才能在 serverless.yml 内做到这一点?
CLI 命令from here:
aws lambda add-permission --function-name XXX --statement-id MyId --action 'lambda:InvokeFunction' --principal events.amazonaws.com --source-arn arn:aws:events:us-east-1:1232132323:rule/XXXX
我尝试了 from here,但立即出现部署错误:
functions:
generateFile:
handler: api/handler.generateFile
tags:
LiveOrTest: test
# to allow cloudwatch to invoke lambdas
resources:
Resources:
cleanLambdaPermission:
Type: AWS::Lambda::Permission
Properties:
FunctionName:
"Fn::GetAtt": [cleanLambdaFunction, Arn]
Action: "lambda:InvokeFunction"
Principal: "events.amazonaws.com"
SourceArn: "*"
您的 AWS::Lambda::Permission 中唯一明显的问题是 ARN 不正确:
SourceArn: "*"
您不能将 * 作为 ARN,而应该是:
SourceArn: "arn:aws:events:us-east-1:1232132323:rule/XXXX"
或者,您可以 删除 整个 SourceArn 属性.