How do I create an EventSourceMapping with Serverless 1.0?

Time: 2016-08-26 17:23:55

Tags: lambda serverless-framework

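I am trying to set up an event source mapping so that a Lambda function is invoked every time a record is committed to my dynamodb table. I am trying to follow the instructions in: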

https://github.com/serverless/serverless/blob/master/docs/guide/overview-of-event-sources.md

My current serverless.yml uses:

service: sl-pipeline

provider:
  name: aws
  runtime: python2.7
  memorySize: ${memoryVar}
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "dynamodb:*"
      Resource: "arn:aws:dynamodb:*:*:table/MyTable*"
    - Effect: "Allow"
      Action:
        - "dynamodb:GetRecords"
        - "dynamodb:GetShardIterator"
        - "dynamodb:DescribeStream"
        - "dynamodb:ListStreams"
      Resource: "arn:aws:dynamodb:*:*:table/MyTable*/stream/*"

# you can overwrite defaults here
defaults:
  stage: dev
  region: us-east-1

functions:
  main:
    handler: handler.main

# Add event trigger from dynamodb Stream Table
resources:
  Resources:
    mapping:
      Type: AWS::Lambda::EventSourceMapping
      Properties:
        BatchSize: 10
        EventSourceArn: "arn:aws:dynamodb:us-east-1:XXXXXXXXX:table/MyTable/stream"
        FunctionName: "sl-pipeline-dev-main"
        StartingPosition: LATEST

Every time I run serverless deploy, I get:

 Serverless Error ---------------------------------------

 An error occurred while provisioning your cloudformation:
 The following resource(s) failed to create: [IamRoleLambda,
 mapping]. 

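I'm guessing this is related to IAM role permissions, but I can't figure out how to fix it. For the role I use for serverless itself, I tried using: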

Action: "*"
Resource: "*"

so it should be able to do anything.

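Note that if I remove the resources section from serverless.yml, I can deploy correctly. I can even go to the dynamodb table and manually add the trigger to the lambda function, and everything works.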

Thanks in advance

1 answer:

Answer 0: (score: 1)

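First off; look at why IamRoleLambda could not be created. Go to the AWS web console and go to CloudFormation. Click on your stack (it probably says it failed). Scroll to the failed step and see why. It usually states the reason for the failure explicitly.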

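Second; you don't need the lambda execution role to have permissions on the stream. Try removing the part about the stream from the IAM policy. So it looks like this: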

provider:
    name: aws
    runtime: python2.7
    memorySize: ${memoryVar}
    iamRoleStatements:
    - Effect: "Allow"
      Action:
         - "dynamodb:*"
      Resource: "arn:aws:dynamodb:*:*:table/MyTable*"
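
The first step of the answer (finding why a resource failed in the CloudFormation stack events) can also be done on saved `aws cloudformation describe-stack-events` output. The following is an added example, not part of the original answer: it filters the events down to the failures that carry their own reason. The stack name, timestamps, reason strings and the choice of which resource fails first in the sample are constructed.

```python
import json

# Constructed sample in the shape returned by
# `aws cloudformation describe-stack-events` (newest event first).
# Reason strings are placeholders; which resource fails first is arbitrary.
SAMPLE = json.loads("""
{"StackEvents": [
 {"Timestamp": "2016-08-26T17:20:09Z", "LogicalResourceId": "sl-pipeline-dev",
  "ResourceType": "AWS::CloudFormation::Stack", "ResourceStatus": "ROLLBACK_IN_PROGRESS",
  "ResourceStatusReason": "The following resource(s) failed to create: [IamRoleLambda, mapping]. "},
 {"Timestamp": "2016-08-26T17:20:07Z", "LogicalResourceId": "IamRoleLambda",
  "ResourceType": "AWS::IAM::Role", "ResourceStatus": "CREATE_FAILED",
  "ResourceStatusReason": "Resource creation cancelled"},
 {"Timestamp": "2016-08-26T17:20:06Z", "LogicalResourceId": "mapping",
  "ResourceType": "AWS::Lambda::EventSourceMapping", "ResourceStatus": "CREATE_FAILED",
  "ResourceStatusReason": "<constructed: reason reported for this resource>"},
 {"Timestamp": "2016-08-26T17:20:01Z", "LogicalResourceId": "mapping",
  "ResourceType": "AWS::Lambda::EventSourceMapping", "ResourceStatus": "CREATE_IN_PROGRESS"}
]}
""")

FAILED = {"CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"}
# CloudFormation marks resources it stopped because a sibling failed with this reason.
CASCADE = "Resource creation cancelled"


def failed_events(doc):
    """Return the failed resource events, oldest first."""
    events = [e for e in doc["StackEvents"] if e["ResourceStatus"] in FAILED]
    # ISO-8601 timestamps in one format sort correctly as strings.
    return sorted(events, key=lambda e: e["Timestamp"])


def root_causes(doc):
    """Return (id, type, reason) for failures that were not merely cancelled."""
    return [
        (e["LogicalResourceId"], e["ResourceType"], e.get("ResourceStatusReason", ""))
        for e in failed_events(doc)
        if not e.get("ResourceStatusReason", "").startswith(CASCADE)
    ]


if __name__ == "__main__":
    for rid, rtype, reason in root_causes(SAMPLE):
        print(f"{rid} ({rtype}): {reason}")
```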