我想使用 Terraform 部署 API网关, Lambda 和 DynamoDB ,以便我可以执行基本在DynamoDB表上进行读取和写入操作。为此,我创建了一个 funcLambda.js 文件,该文件具有以下代码-
var AWS = require('aws-sdk');
var dynamo = new AWS.DynamoDB.DocumentClient();
exports.handler = function(event, context, callback) {
var operation = event.operation;
if (event.tableName) {
event.payload.TableName = event.tableName;
}
switch (operation) {
case 'create':
dynamo.put(event.payload, callback);
break;
case 'read':
dynamo.get(event.payload, callback);
break;
default:
callback(`Unknown operation: ${operation}`);
}
};
我已将此代码上传到名为 mybuck7086125 的S3存储桶中的名为 funcLambda.zip 的zip文件中。 然后,我编写了下面的terraform代码-
provider "aws" {
region = "us-east-1"
}
resource "aws_dynamodb_table" "ddbtable" {
name = "myDB"
hash_key = "id"
billing_mode = "PROVISIONED"
read_capacity = 5
write_capacity = 5
attribute {
name = "id"
type = "S"
}
}
resource "aws_iam_role_policy" "lambda_policy" {
name = "lambda_policy"
role = aws_iam_role.role_for_LDC.id
policy = <<-EOF
{
"Version": "2012-10-17",
"Statement":[{
"Effect": "Allow",
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:BatchWriteItem",
"dynamodb:PutItem",
"dynamodb:UpdateItem"
],
"Resource": "arn:aws:dynamodb:us-east-1:987456321456:table/myDB"
}
]
}
EOF
}
resource "aws_iam_role" "role_for_LDC" {
name = "myrole"
assume_role_policy = <<-EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_lambda_function" "myLambda" {
function_name = "func"
s3_bucket = "mybuck7086125"
s3_key = "funcLambda.zip"
role = aws_iam_role.role_for_LDC.arn
handler = "funcLambda.handler"
runtime = "nodejs12.x"
}
resource "aws_api_gateway_rest_api" "apiLambda" {
name = "myAPI"
}
resource "aws_api_gateway_resource" "Resource" {
rest_api_id = aws_api_gateway_rest_api.apiLambda.id
parent_id = aws_api_gateway_rest_api.apiLambda.root_resource_id
path_part = "myresource"
}
resource "aws_api_gateway_method" "Method" {
rest_api_id = aws_api_gateway_rest_api.apiLambda.id
resource_id = aws_api_gateway_resource.Resource.id
http_method = "POST"
authorization = "NONE"
}
resource "aws_api_gateway_integration" "lambdaInt" {
rest_api_id = aws_api_gateway_rest_api.apiLambda.id
resource_id = aws_api_gateway_resource.Resource.id
http_method = aws_api_gateway_method.Method.http_method
integration_http_method = "POST"
type = "AWS"
uri = aws_lambda_function.myLambda.invoke_arn
}
resource "aws_api_gateway_deployment" "apideploy" {
depends_on = [aws_api_gateway_integration.lambdaInt]
rest_api_id = aws_api_gateway_rest_api.apiLambda.id
stage_name = "test"
}
resource "aws_lambda_permission" "apigw" {
statement_id = "AllowAPIGatewayInvoke"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.myLambda.function_name
principal = "apigateway.amazonaws.com"
source_arn = "${aws_api_gateway_rest_api.apiLambda.execution_arn}/POST/myresource"
}
output "base_url" {
value = aws_api_gateway_deployment.apideploy.invoke_url
}
使用上述代码,所有AWS三个服务和角色均已成功部署。然后,我转到Lambda控制台并创建了一个测试模板,以检查Lambda是否可以在DynamoDB表上执行操作。我的测试模板如下-
{
"operation":"create",
"tableName":"myDB",
"payload":{
"Item":{
"id":"1",
"name":"Maverick",
"movie":"Top Gun"
}
}
}
当我运行测试事件时,它成功并且将数据输入到表中。
最后,当我尝试使用CURL对URL进行相同的操作时,收到internal server error作为消息。下面给出了我的CURL命令及其输出:
souvik@DESKTOP-A673L12 MINGW64 /C/Users/souvik/Desktop/terrlamapidb
$ curl -X POST -d '{"operation":"create","tableName":"myDB","payload":{"Item":{ "id":"1", "name":"Maverick", "movie":"Top Gun" }}}' https://t56gdtdyu6.execute-api.us-east-1.amazonaws.com/test/myresource
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 147 100 36 100 111 23 71 0:00:01 0:00:01 --:--:-- 94{"message": "Internal server error"}
请告诉我如何解决此问题。