EventBridge rule not triggering Lambda despite having resource policy statement on lambda
I have a serverless file that creates an EventBridge rule on the default event bus:
StepFunctionErrorEvent:
  Type: AWS::Events::Rule
  Properties:
    Name: ${self:custom.resourcePrefix}-step-function-error-event-rule
    Description: Event bus rule coordinating what targets receive Step Function error events
    EventPattern:
      source:
        - "aws.states"
      "detail-type":
        - "Step Functions Execution Status Change"
      detail:
        state:
          - "FAILED"
          - "TIMED_OUT"
          - "ABORTED"
    Targets:
      - Arn: ${cf:${self:custom.resourcePrefix}-service-internal-slack-integration.PostSlackMessageLambdaArn}
        Id: "ErrorSlackMessage"
        DeadLetterConfig:
          Arn: !GetAtt DefaultErrorTargetDLQ.Arn
DefaultErrorTargetDLQ:
  Type: AWS::SQS::Queue
  Properties:
    QueueName: ${self:custom.resourcePrefix}-DefaultErrorTargetDL
And in a separate serverless file that is also deployed, I add the following Lambda permission to pl-us-east-2-pilot-post-slack-message:
resources:
  Resources:
    TriggerPostSlackMessageLambda:
      Type: AWS::Lambda::Permission
      Properties:
        FunctionName: !GetAtt PostSlackMessageLambdaFunction.Arn
        Action: lambda:InvokeFunction
        Principal: events.amazonaws.com
        SourceArn: !Sub arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/pl-us-east-2-pilot-step-function-error-event-rule
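However, despite the pl-us-east-2-pilot-post-slack-message lambda listing the above as a permission under 'Resource based policy' (in the Lambda console), the EventBridge rule does not trigger when a Lambda failure occurs. If I create a new rule using the AWS console, it does trigger, but for whatever reason it fails to trigger successfully using serverless/CloudFormation.
Every post I have read on this subject seems to mention the same thing - i.e. set the permission on your Lambda, but I have done that and it is still not working. Does anyone know what the reason could be for it not triggering?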
It was hard to spot, but because I am using Step Functions,
detail:
  state:
    - "FAILED"
    - "TIMED_OUT"
    - "ABORTED"
should be
detail:
  status:
    - "FAILED"
    - "TIMED_OUT"
    - "ABORTED"
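
The mismatch described in the answer above raises no error at deploy time: a pattern that names a field the event does not carry simply never matches. As an added example (not code from the original post), the Python below checks the question's and the answer's patterns against a constructed sample event. `make_pattern`, `matches`, `missing_paths` and the sample ARNs are hypothetical, and the matcher assumes only literal-value patterns like the ones on this page.

```python
# Added example: local check of an EventBridge pattern (nested objects and lists of literals only).
# Constructed sample "Step Functions Execution Status Change" event; ARNs are placeholders.
SAMPLE_EVENT = {
    "detail-type": "Step Functions Execution Status Change",
    "source": "aws.states",
    "account": "123456789012",
    "region": "us-east-2",
    "detail": {
        "executionArn": "arn:aws:states:us-east-2:123456789012:execution:example:run-1",
        "stateMachineArn": "arn:aws:states:us-east-2:123456789012:stateMachine:example",
        "status": "FAILED",
    },
}

def make_pattern(detail_key):
    return {
        "source": ["aws.states"],
        "detail-type": ["Step Functions Execution Status Change"],
        "detail": {detail_key: ["FAILED", "TIMED_OUT", "ABORTED"]},
    }

BROKEN_PATTERN = make_pattern("state")   # key used in the question
FIXED_PATTERN = make_pattern("status")   # key from the answer

def matches(pattern, event):
    """True if every pattern field exists in the event with one of the listed values."""
    for key, expected in pattern.items():
        if key not in event:
            return False  # an absent field is a silent non-match, not an error
        actual = event[key]
        if isinstance(expected, dict):
            ok = isinstance(actual, dict) and matches(expected, actual)
        else:
            values = actual if isinstance(actual, list) else [actual]
            ok = any(v in expected for v in values)
        if not ok:
            return False
    return True

def missing_paths(pattern, event, prefix=""):
    """Pattern field paths absent from the sample event (likely misnamed keys)."""
    out = []
    for key, expected in pattern.items():
        if not isinstance(event, dict) or key not in event:
            out.append(prefix + key)
        elif isinstance(expected, dict):
            out.extend(missing_paths(expected, event[key], prefix + key + "."))
    return out
```

Running `missing_paths` against a captured real event before deploying a rule surfaces a misnamed key such as `detail.state` directly, instead of leaving a failure alert that never fires.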