我有一个Cloudwatch Events Rule,它会定期调用AWS Lambda。此Lambda尝试使用receiveMessage SDK method从AWS SQS队列中提取消息。然后,如果有消息,它将调用一个AWS Step Function。在本地调用时,此过程有效。但是,当Cloudwatch触发它时,我收到错误Client network socket disconnected before secure TLS connection was established。请参阅下面的代码:
module.exports.triggerStepFunction = () => {
let sqs = new AWS.SQS({apiVersion: '2012-11-05'})
let params = {
QueueUrl: 'my_endpoint',
AttributeNames: [
'All'
],
MessageAttributeNames: [
'All'
],
MaxNumberOfMessages: 1,
ReceiveRequestAttemptId: Date.now().toString(),
VisibilityTimeout: 10,
WaitTimeSeconds: 6
}
sqs.receiveMessage(params, function(err, receiveMessageData) {
if (err) {
return err
} else {
return receiveMessageData
}
})
}
正在发生什么,我该如何解决?
答案 0 :(得分:0)
解决方案似乎是创建一个具有适当权限的新IAM角色,并将其附加到lambda。我使用的是Serverless,因此我将以下内容添加到了serverless.yml文件中,并将其附加到了lambda:
resources:
Resources:
SQSLambdaRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action:
- sts:AssumeRole
Path: '/'
Policies:
- PolicyName: logs
PolicyDocument:
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: arn:aws:logs:*:*:*
- PolicyName: sqs
PolicyDocument:
Statement:
- Effect: Allow
Action:
- sqs:ReceiveMessage
- sqs:SendMessage
- sqs:DeleteMessage
Resource: <MY_SQS_RESOURCE_ARN>