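I am trying to set up a Lambda function that sends an email and is triggered by an SNS topic in CloudFormation, but for some reason it is not working. I went in and checked all of the dependencies/permissions after the Lambda & SNS went up, and everything seems to be in order, but when I publish to the topic nothing happens. When I manually test the Lambda in the Lambda console, it works perfectly.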
Cloudformation

    "Resources": {
      "CloudformationEventHandlerLambdaExecutionRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
          "Path": "/",
          "Policies": [
            {
              "PolicyName": "CloudformationTrigger",
              "PolicyDocument": {
                "Statement": [
                  {
                    "Effect": "Allow",
                    "Action": [
                      "ses:*"
                    ],
                    "Resource": [
                      "arn:aws:ses:*"
                    ]
                  }
                ]
              }
            }
          ],
          "AssumeRolePolicyDocument": {
            "Statement": [
              {
                "Action": [
                  "sts:AssumeRole"
                ],
                "Effect": "Allow",
                "Principal": {
                  "Service": [
                    "lambda.amazonaws.com"
                  ]
                }
              }
            ]
          }
        }
      },
      "CloudformationEventHandlerLambdaFunction": {
        "Type": "AWS::Lambda::Function",
        "Properties": {
          "Handler": "lambda_function.lambda_handler",
          "Role": {
            "Fn::GetAtt": [
              "CloudformationEventHandlerLambdaExecutionRole",
              "Arn"
            ]
          },
          "Code": {
            "S3Bucket": {
              "Ref": "Bucket"
            },
            "S3Key": "CloudformationEventHandler.zip"
          },
          "Runtime": "python2.7",
          "Timeout": "30"
        },
        "DependsOn": [
          "CloudformationEventHandlerLambdaExecutionRole"
        ]
      },
      "CloudformationEventHandlerLambdaInvokePermission": {
        "Type": "AWS::Lambda::Permission",
        "Properties": {
          "Action": "lambda:InvokeFunction",
          "SourceAccount": {
            "Ref": "AWS::AccountId"
          },
          "Principal": "sns.amazonaws.com",
          "SourceArn": {
            "Ref": "CloudformationTopic"
          },
          "FunctionName": {
            "Fn::GetAtt": [
              "CloudformationEventHandlerLambdaFunction",
              "Arn"
            ]
          }
        }
      },
      "CloudformationTopic": {
        "Type": "AWS::SNS::Topic",
        "Properties": {
          "DisplayName": "CloudformationIngestTopic",
          "Subscription": [
            {
              "Endpoint": {
                "Fn::GetAtt": [
                  "CloudformationEventHandlerLambdaFunction",
                  "Arn"
                ]
              },
              "Protocol": "lambda"
            }
          ]
        },
        "DependsOn": [ "CloudformationEventHandlerLambdaFunction" ]
      }
    }

Python SES Lambda

    import boto3

    # SES client is created once per container and reused across invocations
    client = boto3.client('ses')


    def lambda_handler(event, context):
        # Put the raw SNS event and the Lambda context into the mail body
        message = """
        Event:
        {}
        Context:
        {}
        """.format(event, context)
        response = client.send_email(
            Source='***censored***',
            Destination={'ToAddresses': ['***censored***']},
            Message={
                'Subject': {
                    'Data': 'CFMTest'
                },
                'Body': {
                    'Text': {
                        'Data': message
                    }
                }
            }
        )

Answer 0 (score: 3)
The CloudformationEventHandlerLambdaInvokePermission of the AWS::Lambda::Permission resource type is only meant for use with CloudWatch Logs, CloudWatch rules, S3 and SES.
After removing this field from the resource on the template, I am able to invoke the Lambda function by publishing to the SNS topic.
For more details about Lambda permissions, see this documentation.
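
A template check for the wiring discussed above, as an added example that is not part of the original question or answer: for each SNS topic with a `lambda` subscription it looks for a matching `AWS::Lambda::Permission` and lists any properties set beyond `Action`, `Principal`, `FunctionName` and `SourceArn`, the resource on which the answer's fix was made. The names `check_sns_lambda_wiring`, `target` and `CORE` and the reduced sample template are constructed for illustration.

```python
# Constructed sample: topic and permission from the question's template, reduced.
FN = {"Fn::GetAtt": ["CloudformationEventHandlerLambdaFunction", "Arn"]}
TEMPLATE = {"Resources": {
    "CloudformationEventHandlerLambdaInvokePermission": {
        "Type": "AWS::Lambda::Permission",
        "Properties": {"Action": "lambda:InvokeFunction", "FunctionName": FN,
                       "Principal": "sns.amazonaws.com",
                       "SourceAccount": {"Ref": "AWS::AccountId"},
                       "SourceArn": {"Ref": "CloudformationTopic"}}},
    "CloudformationTopic": {
        "Type": "AWS::SNS::Topic",
        "Properties": {"Subscription": [{"Endpoint": FN, "Protocol": "lambda"}]}},
}}

CORE = {"Action", "Principal", "FunctionName", "SourceArn"}  # anything else is reported

def target(value):
    """Logical ID that a Ref or list-form Fn::GetAtt points at; other values pass through."""
    if isinstance(value, dict):
        att = value.get("Fn::GetAtt")
        return value.get("Ref") or (att[0] if isinstance(att, list) else value)
    return value

def check_sns_lambda_wiring(template):
    """Return (topic, resource, message) findings for SNS -> Lambda subscriptions."""
    resources = template.get("Resources", {})
    perms = {n: r.get("Properties", {}) for n, r in resources.items()
             if r.get("Type") == "AWS::Lambda::Permission"}
    findings = []
    for topic, res in resources.items():
        if res.get("Type") != "AWS::SNS::Topic":
            continue
        subs = res.get("Properties", {}).get("Subscription", [])
        for sub in (s for s in subs if s.get("Protocol") == "lambda"):
            fn = target(sub.get("Endpoint"))
            matched = [n for n, p in perms.items()
                       if p.get("Principal") == "sns.amazonaws.com"
                       and p.get("Action") == "lambda:InvokeFunction"
                       and target(p.get("FunctionName")) == fn
                       and target(p.get("SourceArn")) == topic]
            if not matched:
                findings.append((topic, fn, "no invoke permission scoped to this topic"))
            for name in matched:
                extra = sorted(set(perms[name]) - CORE)
                if extra:
                    findings.append((topic, name, "additional properties: " + ", ".join(extra)))
    return findings

print(check_sns_lambda_wiring(TEMPLATE))
```

A permission with no `SourceArn` is reported as not scoped to the topic, since it would allow any SNS topic to invoke the function.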