无服务器框架 - 无法为任务状态生成 IAM 策略语句
Serverless Framework - Cannot generate IAM policy statement for Task state
我正在尝试使用无服务器框架来部署调用几个 lambda 的步骤函数。这是我的 serverless.yml:
org: bizrob
app: flexipod-2-queue
service: flexipod-2-queue
frameworkVersion: "2 || 3"
custom:
region: eu-west-1
provider:
name: aws
runtime: nodejs14.x
plugins:
- serverless-step-functions
functions:
pullSqlSvr:
handler: flexipod-2-queue/pullSqlSvrData.pullSqlSvr
environment:
REGION: ${self:custom.region}
API_VERSION_S3: "2006-03-01"
API_VERSION_SQS: "2012-11-05"
SQS_QUEUE_URL: !Ref "MyQueue"
sendToDataLake:
handler: queue-2-datalake/sendToDataLake.sendBatchToQueue
environment:
REGION: ${self:custom.region}
API_VERSION_S3: "2006-03-01"
API_VERSION_SQS: "2012-11-05"
stepFunctions:
stateMachines:
flexipodFlow:
name: flexipodFlow
definition:
StartAt: pullSqlSvr
States:
pullSqlSvr:
Type: Task
Resource:
Fn::GetAtt:[pullSqlSvr, Arn]
Next: sendToDataLake
sendToDataLake:
Type: Task
Resource:
Fn::GetAtt:[sendToDataLake, Arn]
End: true
resources:
Resources:
MyQueue:
Type: "AWS::SQS::Queue"
Properties:
QueueName: "flexipod"
当我 运行 无服务器部署时,我看到以下错误:
Deploying flexipod-2-queue to stage dev (us-east-1, "serverless-admin-2" provider) Cannot generate IAM policy statement for Task state { Type: 'Task', Resource: 'Fn::GetAtt:[pullSqlSvr, Arn]', Next: 'sendToDataLake' } Cannot generate IAM policy statement for Task state { Type: 'Task', Resource: 'Fn::GetAtt:[sendToDataLake, Arn]', End: true }
× Stack flexipod-2-queue-dev failed to deploy (72s) Environment: win32, node 16.1.0, framework 3.0.0, plugin 6.0.0, SDK 4.3.0 Credentials: Serverless Dashboard, "serverless-admin-2" provider (https://app.serverless.com/bizrob/apps/flexipod-2-queue/flexipod-2-queue/dev/us-east-1/providers) Docs: docs.serverless.com Support: forum.serverless.com Bugs: github.com/serverless/serverless/issues
Error: CREATE_FAILED: FlexipodFlow (AWS::StepFunctions::StateMachine) Resource handler returned message: "Invalid State Machine Definition: 'SCHEMA_VALIDATION_FAILED: Value is not a valid resource ARN at /States/pullSqlSvr/Resource, SCHEMA_VALIDATION_FAILED: Value is not a valid resource ARN at /States/sendToDataLake/Resource' (Service: AWSStepFunctions; Status Code: 400; Error Code: InvalidDefinition
有什么解决办法的建议吗?
根据我的经验,如果 Steps
块中的任何键以小写字母开头,serverless-step-functions
将无法正确部署。将其更改为看似 case-sensitive 的等效项,如下所示,然后重新部署可能会成功:
States:
PullSqlSvr:
Type: Task
Resource:
Fn::GetAtt:[pullSqlSvr, Arn]
Next: sendToDataLake
SendToDataLake:
Type: Task
Resource:
Fn::GetAtt:[sendToDataLake, Arn]
End: true
(我刚刚将 pullSqlSvr
和 sendToDataLake
转换为它们的 PascalCase 等价物 PullSqlSvr
和 SendToDataLake
。)
这是一个 YAML 语法问题。 Fn::GetAtt:[pullSqlSvr, Arn]
被解析为字符串,而不是 key-value 对。在最后一个冒号后添加 space,或使用 !GetAtt
快捷方式。
Resource:
Fn::GetAtt:[pullSqlSvr, Arn] # string :(
Fn::GetAtt: [pullSqlSvr, Arn] # key-value :)
!GetAtt pullSqlSvr.Arn # alternative shorthand intrinsic function :)