CloudFormation: creating a Lambda function and its associated Role

CloudFormation is driving me crazy... I have the following CloudFormation script

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Lambda Function + IAM role Resources",
    "Resources": {
        "NFTCalculateCIDLambdaRole": {
            "Type" : "AWS::IAM::Role",
            "DeletionPolicy": "Retain",
            "Properties" : {
                "AssumeRolePolicyDocument" :{

                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "Service": "lambda.amazonaws.com"
                            },
                            "Action": "sts:AssumeRole"
                        }
                    ]
                },
                "Description" : "Role for execute CalculateCID lambda function",
                "ManagedPolicyArns" : [ "arn:aws:iam::670818552530:policy/PutLogsEventPolicy", "arn:aws:iam::aws:policy/AmazonS3FullAccess" ],
                "RoleName" : "NFT-CalculateCIDLambdaRoleTEST"
            }
        },
        "InterpolazioneRole": {
            "Fn::Join": [
              "", [
                "arn:aws:iam::",
                {
                  "Ref": "AWS::Account"
                },
                ":role/",
                {
                  "Fn::GetAtt": ["CalculateCIDLambdaRole", "RoleName"]
                }
              ]
            ]
        },
        "CalculateCID":{

            "Type" : "AWS::Lambda::Function",
            "DeletionPolicy": "Retain",
            "Properties" : {
                "Code": {
                    "S3Bucket": "deploy-stack",
                    "S3Key": "CalculateCID-3496f166-0f1d-40b4-8766-c5d29e4950ff.zip"
                },
                "Description" : "Calculates the CID for a given filename",
                "Environment" : {
                    "Variables": {
                        "DELETE_S3_FILE_AFTER_PROCESSING": "true",
                        "TMP_DOWNLOAD_BUCKET": "content-temporary-files"
                    }
                },
                "FunctionName" : "CalculateCID",
                "PackageType" : "Zip",
                "Role" : "Fn::Join",
                "Runtime" : "nodejs12.x"
            }
        }
    }
}

But when I run it I get

An error occurred (ValidationError) when calling the CreateStackSet operation: Invalid template resource property 'Fn::Join' (Service: AmazonCloudFormation; Status Code: 400; Error Code: ValidationError; Request ID: 106e6351-a4b9-41a4-9d8d-fe2ff6902e87; Proxy: null)

The problem is that I don't know how to pass the ARN generated in the previous step.. Can anyone help me?

You are getting the error because you are trying to create InterpolazioneRole as a Join resource rather than a Role resource. Join is a function, not a resource object.

So create InterpolazioneRole as a Role type, and then reference your Join in the role name.

For a Lambda function, the role must be given as its ARN. You can use the return values from this document for the IAM resource. You are trying to create a resource with the Join function, which you cannot do. Reference the IAM role's ARN directly from the Lambda.

Update the Role property in your CloudFormation to Fn::GetAtt and remove the unused resource.

"Role" : {"Fn::GetAtt" : ["NFTCalculateCIDLambdaRole", "Arn"] }

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Lambda Function + IAM role Resources",
    "Resources": {
        "NFTCalculateCIDLambdaRole": {
            "Type" : "AWS::IAM::Role",
            "DeletionPolicy": "Retain",
            "Properties" : {
                "AssumeRolePolicyDocument" :{

                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "Service": "lambda.amazonaws.com"
                            },
                            "Action": "sts:AssumeRole"
                        }
                    ]
                },
                "Description" : "Role for execute CalculateCID lambda function",
                "ManagedPolicyArns" : [ "arn:aws:iam::670818552530:policy/PutLogsEventPolicy", "arn:aws:iam::aws:policy/AmazonS3FullAccess" ],
                "RoleName" : "NFT-CalculateCIDLambdaRoleTEST"
            }
        },
        "CalculateCID":{

            "Type" : "AWS::Lambda::Function",
            "DeletionPolicy": "Retain",
            "Properties" : {
                "Code": {
                    "S3Bucket": "deploy-stack",
                    "S3Key": "CalculateCID-3496f166-0f1d-40b4-8766-c5d29e4950ff.zip"
                },
                "Description" : "Calculates the CID for a given filename",
                "Environment" : {
                    "Variables": {
                        "DELETE_S3_FILE_AFTER_PROCESSING": "true",
                        "TMP_DOWNLOAD_BUCKET": "content-temporary-files"
                    }
                },
                "FunctionName" : "CalculateCID",
                "PackageType" : "Zip",
                "Role" : {"Fn::GetAtt" : ["NFTCalculateCIDLambdaRole", "Arn"] },
                "Runtime" : "nodejs12.x"
            }
        }
    }
}
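The checks behind this answer (a resource must have a Type, intrinsic references must point at existing logical IDs, and a Lambda's Role must resolve to an IAM role ARN) can be run locally before a CreateStack call ever reaches the service. The following Python is an added example written for this page, not code from the question or either answer: it embeds condensed, constructed versions of the broken and corrected templates above (with the account-specific policy ARN and S3 key replaced by placeholders) and lints them. It also flags AmazonS3FullAccess, since a role that only needs to read and delete objects in one temporary bucket should not carry a policy granting full S3 access; the `BROAD_POLICIES` watch-list is an assumption of this example.

```python
"""Offline lint for a CloudFormation Lambda + IAM role template (added example, not the page's code)."""
import copy

# Pseudo parameters a Ref may legitimately target (subset, sufficient for this example).
PSEUDO_PARAMS = {"AWS::AccountId", "AWS::Region", "AWS::Partition", "AWS::StackName"}
# Constructed watch-list of managed policies broad enough to deserve a least-privilege review.
BROAD_POLICIES = {
    "arn:aws:iam::aws:policy/AmazonS3FullAccess",
    "arn:aws:iam::aws:policy/AdministratorAccess",
}

# Constructed, condensed form of the corrected template from the answer above.
FIXED = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "NFTCalculateCIDLambdaRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{"Effect": "Allow",
                                   "Principal": {"Service": "lambda.amazonaws.com"},
                                   "Action": "sts:AssumeRole"}],
                },
                "ManagedPolicyArns": ["arn:aws:iam::aws:policy/AmazonS3FullAccess"],
                "RoleName": "NFT-CalculateCIDLambdaRoleTEST",
            },
        },
        "CalculateCID": {
            "Type": "AWS::Lambda::Function",
            "Properties": {
                "Code": {"S3Bucket": "deploy-stack", "S3Key": "PLACEHOLDER-artifact.zip"},
                "FunctionName": "CalculateCID",
                "Role": {"Fn::GetAtt": ["NFTCalculateCIDLambdaRole", "Arn"]},
                "Runtime": "nodejs12.x",
            },
        },
    },
}

# Constructed form of the question's broken template: a bare Fn::Join under Resources
# and a Role property that is the literal string "Fn::Join".
BROKEN = copy.deepcopy(FIXED)
BROKEN["Resources"]["InterpolazioneRole"] = {
    "Fn::Join": ["", ["arn:aws:iam::", {"Ref": "AWS::Account"}, ":role/",
                      {"Fn::GetAtt": ["CalculateCIDLambdaRole", "RoleName"]}]],
}
BROKEN["Resources"]["CalculateCID"]["Properties"]["Role"] = "Fn::Join"


def _walk(node):
    """Yield every dict nested anywhere under node, depth first."""
    if isinstance(node, dict):
        yield node
        for value in node.values():
            yield from _walk(value)
    elif isinstance(node, list):
        for value in node:
            yield from _walk(value)


def check_template(template):
    """Return a list of findings (strings); an empty list means the template passed every check."""
    findings = []
    resources = template.get("Resources", {})

    # 1. Every entry under Resources must be a resource with a Type; an intrinsic function is not one.
    for name, body in resources.items():
        if not isinstance(body, dict) or "Type" not in body:
            findings.append(f"{name}: resource has no Type (an intrinsic such as Fn::Join is not a resource)")

    # 2. Every Ref / Fn::GetAtt must name a logical ID in this template (Ref may also name a pseudo parameter).
    for node in _walk(resources):
        if list(node) == ["Ref"] and node["Ref"] not in resources and node["Ref"] not in PSEUDO_PARAMS:
            findings.append(f"Ref to unknown target {node['Ref']!r}")
        if list(node) == ["Fn::GetAtt"]:
            spec = node["Fn::GetAtt"]
            target = spec[0] if isinstance(spec, list) else spec.split(".")[0]
            if target not in resources:
                findings.append(f"Fn::GetAtt to unknown resource {target!r}")

    # 3. A Lambda's Role must be an ARN: a literal arn:... string or Fn::GetAtt [<AWS::IAM::Role>, "Arn"].
    for name, body in resources.items():
        if isinstance(body, dict) and body.get("Type") == "AWS::Lambda::Function":
            role = body.get("Properties", {}).get("Role")
            if isinstance(role, dict) and list(role) == ["Fn::GetAtt"]:
                target, attr = role["Fn::GetAtt"]
                if attr != "Arn" or resources.get(target, {}).get("Type") != "AWS::IAM::Role":
                    findings.append(f"{name}: Role must be Fn::GetAtt [<AWS::IAM::Role>, 'Arn'], got {role!r}")
            elif not (isinstance(role, str) and role.startswith("arn:")):
                findings.append(f"{name}: Role must be a role ARN, got {role!r}")

    # 4. Least privilege: flag managed policies far broader than a single-bucket Lambda needs.
    for name, body in resources.items():
        if isinstance(body, dict) and body.get("Type") == "AWS::IAM::Role":
            for arn in body.get("Properties", {}).get("ManagedPolicyArns", []):
                if arn in BROAD_POLICIES:
                    findings.append(f"{name}: broad managed policy {arn}")
    return findings


if __name__ == "__main__":
    for label, template in (("broken", BROKEN), ("fixed", FIXED)):
        print(f"{label}:")
        for finding in check_template(template) or ["no findings"]:
            print("  -", finding)
```

Run against the broken template this reports the typeless InterpolazioneRole entry (the cause of the ValidationError), the Ref to `AWS::Account` (the pseudo parameter is `AWS::AccountId`), the Fn::GetAtt to a logical ID that does not exist, and the string "Fn::Join" in the Role property. The corrected template passes the structural checks and leaves only the least-privilege finding about AmazonS3FullAccess.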