I have the following serverless.yml
service: sl-hliq-cognitive-trigger
custom: ${file(env.yml)}
plugins:
  - serverless-plugin-existing-s3
provider:
  name: aws
  runtime: python3.6
  stage: ${self:custom.environment}
  deploymentBucket:
    name: ${self:custom.deploymentBucket}
    serverSideEncryption: AES256
  role:
    Fn::GetAtt: [ ServiceRole, Arn ]
  region: ${self:custom.region}
functions:
  lambda_trigger:
    name: ${self:service}-${self:custom.environment}
    description: Test lambda lambda_trigger
    handler: handler.lambda_handler
    tags:
      project: "hliq-cognitive-srv"
      owner: "hliq-cognitive-srv-state"
      environment: ${self:custom.environment}
    events:
      - existingS3:
          bucket: ${self:custom.listen_bucket_name}
          event: s3:ObjectCreated:*
          rules:
            - prefix: ${self:custom.listen_prefix_name}
package:
  artifact: package.zip
resources:
  Resources:
    ServiceRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: ${self:service}-${self:custom.environment}
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: ${self:service}-${self:custom.environment}
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - ec2:CreateNetworkInterface
                    - ec2:DescribeNetworkInterfaces
                    - ec2:DetachNetworkInterface
                    - ec2:DeleteNetworkInterface
                  Resource: "*"
                - Sid: "BucketAccess"
                  Effect: "Allow"
                  Action:
                    - "s3:Get*"
                    - "s3:List*"
                  Resource:
                    - "arn:aws:s3:::${self:custom.listen_bucket_name}"
                    - "arn:aws:s3:::${self:custom.listen_bucket_name}/${self:custom.listen_prefix_name}*"
In short, this is a Lambda event that fires when an object is created in the bucket. I go into the S3 bucket and get the following error.
Unable to validate the following destination configurations. Not authorized to invoke function
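This leads me to believe that I need to configure something on the S3 bucket side to allow it to invoke my Lambda. Is there a way I can do this in Serverless?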
Answer 0: (score: 1)
Try adding the "s3:PutBucketNotification" permission.
Cheers
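An added example, not part of the original question or answer: S3 validates a notification destination against the function's resource-based policy (the JSON that `aws lambda get-policy` returns), so one check when this error appears is whether that policy lets `s3.amazonaws.com` invoke the function from the listening bucket, and whether the grant is scoped. The ARNs, account id and sample policies are constructed placeholders, and `make_policy` and `check_s3_invoke` are hypothetical helpers.

```python
import json

# Constructed placeholders: account id, region, stage and bucket name are made up.
FUNCTION_ARN = "arn:aws:lambda:us-east-1:111122223333:function:sl-hliq-cognitive-trigger-dev"
BUCKET_ARN = "arn:aws:s3:::example-listen-bucket"
SCOPED = {"ArnLike": {"AWS:SourceArn": BUCKET_ARN},
          "StringEquals": {"AWS:SourceAccount": "111122223333"}}

def make_policy(condition=None):
    """Build a constructed sample in the shape `aws lambda get-policy` returns."""
    stmt = {"Sid": "s3-invoke", "Effect": "Allow",
            "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_values(stmt, key):
    """Values for a condition key under any operator (keys are case-insensitive)."""
    return [v for operands in stmt.get("Condition", {}).values()
            for k, vals in operands.items() if k.lower() == key.lower()
            for v in _as_list(vals)]

def check_s3_invoke(policy_json, function_arn, bucket_arn):
    """Return (allowed, findings). Simplification: ARNs are compared exactly,
    so wildcard SourceArn patterns and qualified function ARNs are not matched."""
    allowed, findings = False, []
    for stmt in json.loads(policy_json).get("Statement", []):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") != "Allow" or "s3.amazonaws.com" not in services
                or "lambda:InvokeFunction" not in _as_list(stmt.get("Action", []))
                or function_arn not in _as_list(stmt.get("Resource", []))):
            continue
        source_arns = _condition_values(stmt, "aws:SourceArn")
        if source_arns and bucket_arn not in source_arns:
            continue  # grant is scoped to a different bucket
        allowed = True
        if not source_arns:
            findings.append("missing aws:SourceArn: any bucket can invoke")
        if not _condition_values(stmt, "aws:SourceAccount"):
            findings.append("missing aws:SourceAccount: bucket owner account is not pinned")
    if not allowed:
        findings.append("S3 is not authorized to invoke this function from this bucket")
    return allowed, findings
```

To run it against a deployed function, pass the string in the `Policy` field of the `aws lambda get-policy` output as `policy_json`.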