由于 "Invalid Lambda Function",AWS CDK 部署失败
AWS CDK failing to deploy due to "Invalid Lambda Function"
我正在尝试将 Lambda 授权方添加到 AWS CDK 中的 REST API。
const api = new apigw.RestApi(this, 'apiname', {
defaultCorsPreflightOptions: {
allowOrigins: apigw.Cors.ALL_ORIGINS
}
});
const authorizerFunction = new lambda.Function(this, "authorizerFunction", {
runtime: lambda.Runtime.PYTHON_3_7,
handler: "lambda_function.lambda_handler",
code: lambda.Code.fromAsset("lambda/authorizer"),
architecture: lambda.Architecture.X86_64,
environment: db_env,
layers:[psycopg2]
});
const apiAuthorizer = new apigw.CfnAuthorizer(this, 'apiAuthorizer', {
name: 'apiAuthorizer',
restApiId: api.restApiId,
type: 'TOKEN',
authorizerResultTtlInSeconds:0,
identitySource: 'method.request.header.Authorization',
authorizerUri:'arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/${authorizerFunction.functionArn}/invocations'
});
const auth = {authorizationType: apigw.AuthorizationType.CUSTOM, authorizer:{authorizerId: apiAuthorizer.attrAuthorizerId}}
...
// The same parameters for every new method
videos.addMethod('GET', new apigw.LambdaIntegration(videosGET, {proxy:true}), auth);
IDE 中没有弹出错误,Lambda 函数没有错误,应用程序引导程序正常。但是,在部署时,出现以下错误:
apiAuthorizer Resource handler returned message: "Invalid lambda function (Service: ApiGateway, Status Code: 400, Request ID: asdfasdfdafsd, Extended Request ID: null)" (RequestToken: fadsfasdfdasfds, HandlerErrorCode: AlreadyExists)
有人知道为什么会这样吗?这是此 lambda 函数或文档中任何位置的唯一实例,我已经用头撞墙好几天了,运行 没有选择。非常感谢!
日志:
✨ Synthesis time: 3.22s
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-lookup-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
(To get rid of this warning, please upgrade to bootstrap version >= 8)
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-deploy-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
stack: deploying...
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-deploy-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
[0%] start: Publishing 97a39e50dc5a7b919754b7f8e605cd4e9d15f49977e1a5107ac03c064a3cb217:current_account-current_region
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-file-publishing-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
[7%] success: Published 97a39e50dc5a7b919754b7f8e605cd4e9d15f49977e1a5107ac03c064a3cb217:current_account-current_region
[7%] start: Publishing b2ebdbbab148e87676b6d14b657bf8fadf12d7f232588789baae1222218a3581:current_account-current_region
[15%] success: Published b2ebdbbab148e87676b6d14b657bf8fadf12d7f232588789baae1222218a3581:current_account-current_region
[15%] start: Publishing 67c32e703c1fcd33bf2b9291f317cb2f7be41fbe8d9a4379730799473c252b04:current_account-current_region
[23%] success: Published 67c32e703c1fcd33bf2b9291f317cb2f7be41fbe8d9a4379730799473c252b04:current_account-current_region
[23%] start: Publishing 2ef1a148088a2b5a315ad35aad59e4af0b1c08b98200fdf0929ba95287ee6ce5:current_account-current_region
[30%] success: Published 2ef1a148088a2b5a315ad35aad59e4af0b1c08b98200fdf0929ba95287ee6ce5:current_account-current_region
[30%] start: Publishing cad80074c492c1ea50399558f50f858e2d0e9ac90e1b4ad7ac109df0a2958a8a:current_account-current_region
[38%] success: Published cad80074c492c1ea50399558f50f858e2d0e9ac90e1b4ad7ac109df0a2958a8a:current_account-current_region
[38%] start: Publishing 6ef219049e232514e013788f0058412a730d86012227431aef2d1ab6f8c739bf:current_account-current_region
[46%] success: Published 6ef219049e232514e013788f0058412a730d86012227431aef2d1ab6f8c739bf:current_account-current_region
[46%] start: Publishing c060a4ac2428713dd0429976f19d01689cdbed20829405e999462d4b5334db70:current_account-current_region
[53%] success: Published c060a4ac2428713dd0429976f19d01689cdbed20829405e999462d4b5334db70:current_account-current_region
[53%] start: Publishing df2c8d783eac0311e9f0bdd4cc62b80e7ad03137e7ca44b6f7af6196f1dceffb:current_account-current_region
[61%] success: Published df2c8d783eac0311e9f0bdd4cc62b80e7ad03137e7ca44b6f7af6196f1dceffb:current_account-current_region
[61%] start: Publishing 1a495f5e7c52f2b689c3a3aa6c40cb9b89d8e897ed865efb4d2066cf61151bb7:current_account-current_region
[69%] success: Published 1a495f5e7c52f2b689c3a3aa6c40cb9b89d8e897ed865efb4d2066cf61151bb7:current_account-current_region
[69%] start: Publishing c232c99bbc9150c88cb39eca0ae34e8a6491f31839670dcc41a692afbbd754e1:current_account-current_region
[76%] success: Published c232c99bbc9150c88cb39eca0ae34e8a6491f31839670dcc41a692afbbd754e1:current_account-current_region
[76%] start: Publishing b56591fc6ac5a4be79c50276c852b1bcdb1110cdc5851b62d6b207f9a857b723:current_account-current_region
[84%] success: Published b56591fc6ac5a4be79c50276c852b1bcdb1110cdc5851b62d6b207f9a857b723:current_account-current_region
[84%] start: Publishing 267ee2b42557489195406d74f30103325942e372718394c680804b940a1d1d2d:current_account-current_region
[92%] success: Published 267ee2b42557489195406d74f30103325942e372718394c680804b940a1d1d2d:current_account-current_region
[92%] start: Publishing 44692731cceaa457073cb1adf697962b9aabf1682c976d725cd0f9831fdb493b:current_account-current_region
[100%] success: Published 44692731cceaa457073cb1adf697962b9aabf1682c976d725cd0f9831fdb493b:current_account-current_region
stack: creating CloudFormation changeset...
[··························································] (0/70)
11:03:08 AM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | stack
11:03:42 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsDEL
ETE/ServiceRole
11:03:42 AM | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMeta
data/Default
11:03:42 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | videosP
OSTvideo_id/ServiceRole
11:03:42 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | job_pro
cessing/Role
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsPOS
[█▋························································] (2/70)
11:03:08 AM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | stack
11:03:42 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsDEL
ETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsPOS
T/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | api/CloudWatchRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | videosD
ELETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsGET
[█▋························································] (2/70)
11:03:08 AM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | SniprCd
kStack
11:03:42 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsDEL
ETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsPOS
T/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | api/CloudWatchRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | videosD
ELETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsGET
/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | process
[███▎······················································] (4/70)
11:03:08 AM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | stack
11:03:49 AM | CREATE_FAILED | AWS::ApiGateway::Authorizer | apiAuth
orizer
Resource handler returned message: "Invalid lambda function (Service: ApiGatewa
y, Status Code: 400, Request ID: 11647356-1231-436e-a12d-fba981480fa0, Extended
Request ID: null)" (RequestToken: 05331070-96b2-5d6d-5980-fea5af68b6ef, Handler
ErrorCode: AlreadyExists)
[███▎······················································] (4/70)
11:03:49 AM | CREATE_FAILED | AWS::ApiGateway::Authorizer | apiAuth
orizer
Resource handler returned message: "Invalid lambda function (Service: ApiGatewa
y, Status Code: 400, Request ID: 11647356-1231-436e-a12d-fba981480fa0, Extended
Request ID: null)" (RequestToken: 05331070-96b2-5d6d-5980-fea5af68b6ef, Handler
ErrorCode: AlreadyExists)
11:03:51 AM | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack | stack
The following resource(s) failed to create: [apiCloudWatchRoleC6C2D749, jo
bsDELETEServiceRole0C5D10A6, initiateprocessingServiceRole7BED0381, getprocessi
ngstatusServiceRole0D15F29B, videosGETvideoidServiceRoleC34CF15F, videosDELETES
erviceRole1FFE92AA, authorizerFunctionServiceRoleE6AAF541, processkeywordsServi
ceRoleFA27296D, jobsGETServiceRoleF105C519, jobsPOSTServiceRoleD3CEA40B, apiAut
[███▎······················································] (4/70)
最终使用完全不同的结构解决了这个问题。从来没有弄清楚为什么会出现该错误。
const auth = new apigw.TokenAuthorizer(this, 'apiAuthorizer', {
handler: authorizerFunction,
authorizerName: "authorizer",
resultsCacheTtl:Duration.minutes(1)
});
我正在尝试将 Lambda 授权方添加到 AWS CDK 中的 REST API。
const api = new apigw.RestApi(this, 'apiname', {
defaultCorsPreflightOptions: {
allowOrigins: apigw.Cors.ALL_ORIGINS
}
});
const authorizerFunction = new lambda.Function(this, "authorizerFunction", {
runtime: lambda.Runtime.PYTHON_3_7,
handler: "lambda_function.lambda_handler",
code: lambda.Code.fromAsset("lambda/authorizer"),
architecture: lambda.Architecture.X86_64,
environment: db_env,
layers:[psycopg2]
});
const apiAuthorizer = new apigw.CfnAuthorizer(this, 'apiAuthorizer', {
name: 'apiAuthorizer',
restApiId: api.restApiId,
type: 'TOKEN',
authorizerResultTtlInSeconds:0,
identitySource: 'method.request.header.Authorization',
authorizerUri:'arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/${authorizerFunction.functionArn}/invocations'
});
const auth = {authorizationType: apigw.AuthorizationType.CUSTOM, authorizer:{authorizerId: apiAuthorizer.attrAuthorizerId}}
...
// The same parameters for every new method
videos.addMethod('GET', new apigw.LambdaIntegration(videosGET, {proxy:true}), auth);
IDE 中没有弹出错误,Lambda 函数没有错误,应用程序引导程序正常。但是,在部署时,出现以下错误:
apiAuthorizer Resource handler returned message: "Invalid lambda function (Service: ApiGateway, Status Code: 400, Request ID: asdfasdfdafsd, Extended Request ID: null)" (RequestToken: fadsfasdfdasfds, HandlerErrorCode: AlreadyExists)
有人知道为什么会这样吗?这是此 lambda 函数或文档中任何位置的唯一实例,我已经用头撞墙好几天了,运行 没有选择。非常感谢!
日志:
✨ Synthesis time: 3.22s
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-lookup-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
(To get rid of this warning, please upgrade to bootstrap version >= 8)
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-deploy-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
stack: deploying...
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-deploy-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
[0%] start: Publishing 97a39e50dc5a7b919754b7f8e605cd4e9d15f49977e1a5107ac03c064a3cb217:current_account-current_region
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-file-publishing-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
[7%] success: Published 97a39e50dc5a7b919754b7f8e605cd4e9d15f49977e1a5107ac03c064a3cb217:current_account-current_region
[7%] start: Publishing b2ebdbbab148e87676b6d14b657bf8fadf12d7f232588789baae1222218a3581:current_account-current_region
[15%] success: Published b2ebdbbab148e87676b6d14b657bf8fadf12d7f232588789baae1222218a3581:current_account-current_region
[15%] start: Publishing 67c32e703c1fcd33bf2b9291f317cb2f7be41fbe8d9a4379730799473c252b04:current_account-current_region
[23%] success: Published 67c32e703c1fcd33bf2b9291f317cb2f7be41fbe8d9a4379730799473c252b04:current_account-current_region
[23%] start: Publishing 2ef1a148088a2b5a315ad35aad59e4af0b1c08b98200fdf0929ba95287ee6ce5:current_account-current_region
[30%] success: Published 2ef1a148088a2b5a315ad35aad59e4af0b1c08b98200fdf0929ba95287ee6ce5:current_account-current_region
[30%] start: Publishing cad80074c492c1ea50399558f50f858e2d0e9ac90e1b4ad7ac109df0a2958a8a:current_account-current_region
[38%] success: Published cad80074c492c1ea50399558f50f858e2d0e9ac90e1b4ad7ac109df0a2958a8a:current_account-current_region
[38%] start: Publishing 6ef219049e232514e013788f0058412a730d86012227431aef2d1ab6f8c739bf:current_account-current_region
[46%] success: Published 6ef219049e232514e013788f0058412a730d86012227431aef2d1ab6f8c739bf:current_account-current_region
[46%] start: Publishing c060a4ac2428713dd0429976f19d01689cdbed20829405e999462d4b5334db70:current_account-current_region
[53%] success: Published c060a4ac2428713dd0429976f19d01689cdbed20829405e999462d4b5334db70:current_account-current_region
[53%] start: Publishing df2c8d783eac0311e9f0bdd4cc62b80e7ad03137e7ca44b6f7af6196f1dceffb:current_account-current_region
[61%] success: Published df2c8d783eac0311e9f0bdd4cc62b80e7ad03137e7ca44b6f7af6196f1dceffb:current_account-current_region
[61%] start: Publishing 1a495f5e7c52f2b689c3a3aa6c40cb9b89d8e897ed865efb4d2066cf61151bb7:current_account-current_region
[69%] success: Published 1a495f5e7c52f2b689c3a3aa6c40cb9b89d8e897ed865efb4d2066cf61151bb7:current_account-current_region
[69%] start: Publishing c232c99bbc9150c88cb39eca0ae34e8a6491f31839670dcc41a692afbbd754e1:current_account-current_region
[76%] success: Published c232c99bbc9150c88cb39eca0ae34e8a6491f31839670dcc41a692afbbd754e1:current_account-current_region
[76%] start: Publishing b56591fc6ac5a4be79c50276c852b1bcdb1110cdc5851b62d6b207f9a857b723:current_account-current_region
[84%] success: Published b56591fc6ac5a4be79c50276c852b1bcdb1110cdc5851b62d6b207f9a857b723:current_account-current_region
[84%] start: Publishing 267ee2b42557489195406d74f30103325942e372718394c680804b940a1d1d2d:current_account-current_region
[92%] success: Published 267ee2b42557489195406d74f30103325942e372718394c680804b940a1d1d2d:current_account-current_region
[92%] start: Publishing 44692731cceaa457073cb1adf697962b9aabf1682c976d725cd0f9831fdb493b:current_account-current_region
[100%] success: Published 44692731cceaa457073cb1adf697962b9aabf1682c976d725cd0f9831fdb493b:current_account-current_region
stack: creating CloudFormation changeset...
[··························································] (0/70)
11:03:08 AM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | stack
11:03:42 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsDEL
ETE/ServiceRole
11:03:42 AM | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMeta
data/Default
11:03:42 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | videosP
OSTvideo_id/ServiceRole
11:03:42 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | job_pro
cessing/Role
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsPOS
[█▋························································] (2/70)
11:03:08 AM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | stack
11:03:42 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsDEL
ETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsPOS
T/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | api/CloudWatchRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | videosD
ELETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsGET
[█▋························································] (2/70)
11:03:08 AM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | SniprCd
kStack
11:03:42 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsDEL
ETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsPOS
T/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | api/CloudWatchRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | videosD
ELETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | jobsGET
/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | process
[███▎······················································] (4/70)
11:03:08 AM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | stack
11:03:49 AM | CREATE_FAILED | AWS::ApiGateway::Authorizer | apiAuth
orizer
Resource handler returned message: "Invalid lambda function (Service: ApiGatewa
y, Status Code: 400, Request ID: 11647356-1231-436e-a12d-fba981480fa0, Extended
Request ID: null)" (RequestToken: 05331070-96b2-5d6d-5980-fea5af68b6ef, Handler
ErrorCode: AlreadyExists)
[███▎······················································] (4/70)
11:03:49 AM | CREATE_FAILED | AWS::ApiGateway::Authorizer | apiAuth
orizer
Resource handler returned message: "Invalid lambda function (Service: ApiGatewa
y, Status Code: 400, Request ID: 11647356-1231-436e-a12d-fba981480fa0, Extended
Request ID: null)" (RequestToken: 05331070-96b2-5d6d-5980-fea5af68b6ef, Handler
ErrorCode: AlreadyExists)
11:03:51 AM | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack | stack
The following resource(s) failed to create: [apiCloudWatchRoleC6C2D749, jo
bsDELETEServiceRole0C5D10A6, initiateprocessingServiceRole7BED0381, getprocessi
ngstatusServiceRole0D15F29B, videosGETvideoidServiceRoleC34CF15F, videosDELETES
erviceRole1FFE92AA, authorizerFunctionServiceRoleE6AAF541, processkeywordsServi
ceRoleFA27296D, jobsGETServiceRoleF105C519, jobsPOSTServiceRoleD3CEA40B, apiAut
[███▎······················································] (4/70)
最终使用完全不同的结构解决了这个问题。从来没有弄清楚为什么会出现该错误。
const auth = new apigw.TokenAuthorizer(this, 'apiAuthorizer', {
handler: authorizerFunction,
authorizerName: "authorizer",
resultsCacheTtl:Duration.minutes(1)
});