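AWS Scheduled Event Rule for Lambda doesn't work in CloudFormation

Time: 2017-01-17 21:56:50

Tags: amazon-web-services aws-lambda amazon-cloudformation troposphere

I'm unable to configure an AWS Lambda to be triggered by a Rule -> Trigger as a Scheduled Event Source using CloudFormation (in reality, using Python's Troposphere). This has already cost me a couple of days, and any help would be appreciated.

Here's the relevant CF JSON snippet -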

    "DataloaderRetrier": {
        "Properties": {
            "Code": {
                "S3Bucket": "mycompanylabs-config",
                "S3Key": "v3/mycompany-component-loader-lambda-0.5.jar"
            },
            "FunctionName": "DataloaderRetriervitest27",
            "Handler": "mycompany.ScheduledEventHandler::handleRequest",
            "MemorySize": 320,
            "Role": "arn:aws:iam::166662328783:role/kinesis-lambda-role",
            "Runtime": "java8",
            "VpcConfig": {
                "SecurityGroupIds": [
                    "sg-2f1f6047"
                ],
                "SubnetIds": [
                    "subnet-ec3c1435"
                ]
            }
        },
        "Type": "AWS::Lambda::Function"
    },
    "DataloaderRetrierEventTriggerPermission": {
        "Properties": {
            "Action": "lambda:InvokeFunction",
            "FunctionName": {
                "Fn::GetAtt": [
                    "DataloaderRetrier",
                    "Arn"
                ]
            },
            "Principal": "events.amazonaws.com",
            "SourceAccount": {
                "Ref": "AWS::AccountId"
            },
            "SourceArn": {
                "Fn::GetAtt": [
                    "DataloaderRetrierEventTriggerRule",
                    "Arn"
                ]
            }
        },
        "Type": "AWS::Lambda::Permission"
    },
    "DataloaderRetrierEventTriggerRule": {
        "DependsOn": "DataloaderRetrier",
        "Properties": {
            "Description": "Reminding the lambda to read from the retry SQS",
            "Name": "DataloaderRetrierEventTriggerRulevitest27",
            "ScheduleExpression": "rate(1 minute)",
            "State": "ENABLED",
            "Targets": [
                {
                    "Arn": {
                        "Fn::GetAtt": [
                            "DataloaderRetrier",
                            "Arn"
                        ]
                    },
                    "Id": "DataloaderRetrierEventTriggerTargetvitest27",
                    "Input": "{\"Hey\":\"WAKE UP!\"}"
                }
            ]
        },
        "Type": "AWS::Events::Rule"
    }

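The AWS Lambda function shows zero invocations, while the Events -> Rules metric shows the correct number of invocations, but they all fail. The Lambda shows the trigger in its Triggers section, and the Rule shows the Lambda in its trigger section. They link up fine.

However, if I go in and manually create the same trigger under the rule in the web console, it will happily start sending events to the Lambda.

PS - here's the Troposphere code: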

    import troposphere as tr
    from troposphere import awslambda, events

    # t (the Template), suffix() and lambda_vpc_config are defined elsewhere
    # in the script and are not shown in this snippet.

    # DATALOADER RETRIER LAMBDA
    dataloader_retrier = t.add_resource(awslambda.Function(
        "DataloaderRetrier",
        Code=awslambda.Code(
            "DataloaderRetrierCode",
            S3Bucket='mycompanylabs-config',
            S3Key='v3/mycompany-snowplow-loader-lambda-0.5.jar'
        ),
        FunctionName=suffix("DataloaderRetrier"),
        Handler="mycompany.ScheduledEventHandler::handleRequest",
        MemorySize="320",
        Role="arn:aws:iam::166662328783:role/kinesis-lambda-role",
        Runtime="java8",
        VpcConfig=lambda_vpc_config
    ))

    dataloader_retrier_scheduled_rule = t.add_resource(events.Rule(
        "DataloaderRetrierEventTriggerRule",
        Name=suffix("DataloaderRetrierEventTriggerRule"),
        Description="Reminding the lambda to read from the retry SQS",
        Targets=[events.Target(
            Id=suffix("DataloaderRetrierEventTriggerTarget"),
            Arn=tr.GetAtt("DataloaderRetrier", "Arn"),
            Input='{"Hey":"WAKE UP!"}'
        )],
        State='ENABLED',
        ScheduleExpression="rate(1 minute)",
        DependsOn="DataloaderRetrier"
    ))

    t.add_resource(awslambda.Permission(
        "DataloaderRetrierEventTriggerPermission",
        Action="lambda:InvokeFunction",
        FunctionName=tr.GetAtt("DataloaderRetrier", "Arn"),
        Principal="events.amazonaws.com",
        SourceAccount=tr.Ref("AWS::AccountId"),
        SourceArn=tr.GetAtt("DataloaderRetrierEventTriggerRule", "Arn")
    ))

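1 Answer:

Answer 0: (score: 4)

You need to remove the SourceAccount parameter from the AWS::Lambda::Permission resource.

As described in the AddPermission API documentation, the SourceAccount parameter restricts the 'source' of the permitted invocation to the specified AWS Account ID, for example when specifying an S3 Bucket or CloudWatch Logs notification.

However (and the documentation should probably be more explicit on this point), in the case of a CloudWatch Events Schedule Expression, the source of the event is aws.events, not your own AWS Account ID, which is why adding this parameter causes the event to fail to trigger the Lambda function.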
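
A template check for the condition this answer describes, as an added example that is not part of the original question or answer: it flags `AWS::Lambda::Permission` resources granted to `events.amazonaws.com` that carry `SourceAccount`, and also flags ones with no `SourceArn`, since after the fix `SourceArn` is the only property still scoping the permission to one rule. The function names and the trimmed sample template are constructed for illustration.

```python
import json

# Constructed sample: the Permission resource from the question's template.
SAMPLE = {"Resources": {"DataloaderRetrierEventTriggerPermission": {
    "Type": "AWS::Lambda::Permission",
    "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {"Fn::GetAtt": ["DataloaderRetrier", "Arn"]},
        "Principal": "events.amazonaws.com",
        "SourceAccount": {"Ref": "AWS::AccountId"},
        "SourceArn": {"Fn::GetAtt": ["DataloaderRetrierEventTriggerRule", "Arn"]},
    }}}}


def event_permissions(template):
    """Yield (logical_id, properties) for permissions granted to CloudWatch Events."""
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if (res.get("Type") == "AWS::Lambda::Permission"
                and props.get("Principal") == "events.amazonaws.com"):
            yield logical_id, props


def lint(template):
    """Return (logical_id, message) findings for the two conditions checked."""
    findings = []
    for logical_id, props in event_permissions(template):
        if "SourceAccount" in props:
            findings.append((logical_id, "SourceAccount set: per the answer, "
                             "scheduled-rule invocations will fail"))
        if "SourceArn" not in props:
            findings.append((logical_id, "SourceArn missing: permission is not "
                             "scoped to a single rule"))
    return findings


def drop_source_account(template):
    """Return a deep copy with SourceAccount removed from those permissions."""
    fixed = json.loads(json.dumps(template))
    for _, props in event_permissions(fixed):
        props.pop("SourceAccount", None)
    return fixed


if __name__ == "__main__":
    print(lint(SAMPLE))                       # one SourceAccount finding
    print(lint(drop_source_account(SAMPLE)))  # no findings
```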