Unknown CloudFormation error / unable to execute changeset

Time: 2017-07-18 14:52:06

Tags: amazon-web-services amazon-cloudformation aws-codepipeline

I'm setting up my Java AWS Lambda function to be deployed via CodePipeline -> CloudFormation, and I'm having some difficulty with CloudFormation. I've worked with Terraform before, so I understand the general concepts...

To clarify, my code lives in a CodeCommit repository and everything was set up by CodeStar, so it created a CodePipeline with one stage and a two-step deploy (generate changeset, execute changeset).

Currently I'm just marking up the sample template.yml file that CodeStar created in the repository, hence the HelloWorld references.

In addition to the template.yml file I also have a buildspec.yml file for CodeBuild, though the build process completes successfully.

Below is my template.yml CloudFormation script. The ChangeSet step in the CodePipeline deploy stage completes successfully, but the ExecuteChangeset step fails with "No reason provided" (super helpful). Clicking the Details link takes me to the CloudFormation page for the execute step, which doesn't actually show any errors. It shows some of the add/remove steps I would expect to see, but not all of the steps I think need to happen. If I click "Execute", it fails with the following error:

    Error: Failed to execute change set: ChangeSet [arn:aws:cloudformation:us-east-1:XXXXXXXXXXXX:stack/awscodestar-test2-lambda/07e71ee0-6a73-11e7-bee5-50d5cd24fac6] cannot be executed in its current execution status of [EXECUTE_FAILED]

What am I doing wrong here? I don't have a good grasp of the Fn::GetAtt call, but I've tried several different ways with no joy.

In addition to figuring out what's wrong, I also have two questions:

  1. Can you explain what I should be referencing in the Fn::GetAtt function call? Is it the resource name I give at the top of the resource I'm trying to call (e.g. GetHelloWorld)? Or is it the explicit name provided as a property of that resource (i.e. FunctionName)?

  2. In the Lambda function declaration, I'm trying to set up the event trigger inline, which then needs to reference the Lambda function. Can I reference the Lambda function resource from an Event declaration nested inside the Lambda function resource?

  3. Below is my template.yml file.

    AWSTemplateFormatVersion: 2010-09-09
    Transform:
    - AWS::Serverless-2016-10-31
    - AWS::CodeStar
    
    Parameters:
      ProjectId:
        Type: String
        Description: AWS CodeStar projectID used to associate new resources to team members
    
    Resources:
      RoleForLambda:
        Type: "AWS::IAM::Role"
        Properties: 
          AssumeRolePolicyDocument:
            Version: "2012-10-17"
            Statement: 
              - Effect: "Allow"
                Principal: 
                  Service: "lambda.amazonaws.com"
                Action: "sts:AssumeRole"
          Policies:
          - PolicyName: s3put
            PolicyDocument:
              Version: "2012-10-17"
              Statement:
              - Effect: "Allow"
                Action:
                - 'logs:CreateLogGroup'
                - 'logs:CreateLogStream'
                - 'logs:PutLogEvents'
                - 's3:PutObject'
                Resource: 
                - 'arn:aws:logs:*:*:*'
                - 'arn:aws:s3:*'
      GetHelloWorld:
        Type: AWS::Serverless::Function
        Properties:
          Handler: com.aws.codestar.projecttemplates.handler.HelloWorldHandler
          Runtime: java8
          Timeout: 60
          MemorySize: 256
          Role:
            'Fn::GetAtt':
              - RoleForLambda
              - Arn
        ScheduleRule:
          Type: 'AWS::Events::Rule'
          Properties:
            Name: DownloadFiles
            ScheduleExpression: 'cron(2,7,12,17,22,27,32,37,42,47,52,57 * * * ? *)'
            State: ENABLED
            Targets:
              - Arn: 
                  'Fn::GetAtt':
                    - GetHelloWorld
                    - Arn
                Id: downloadFiles
        LambdaInvokePermission:
          Type: "AWS::Lambda::Permission"
          Properties: 
            Action: lambda:InvokeFunction
            FunctionName: GetHelloWorld
            Principal: events.amazonaws.com
            SourceAccount: AWS::XXXXXXXXXXXX
            SourceArn:
              - Arn:
                  'Fn::GetAtt':
                    - ScheduleRule
                    - Arn
    

1 answer:

Answer 0 (score: 2)

In case anyone else runs into a similar problem: it turns out I had some syntax errors and, I'm sure, other issues... Here is a working template.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: >-
  This Lambda function does something
Parameters:
  ProjectId:
    Description: AWS CodeStar projectID used to associate new resources to team members
    Type: String
Resources:
  DownloadRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Sid: ''
            Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: PutS3Policy
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                  - 's3:PutObject'
                  - 's3:PutObjectAcl'
                  - 's3:PutObjectTagging'
                  - 'sns:Publish'
                Resource:
                  - 'arn:aws:logs:*:*:*'
                  - 'arn:aws:s3:::myBucket'
                  - 'arn:aws:s3:::myBucket/*'
                  - 'arn:aws:sns:us-east-1:xxxxxxxxxxxx:SNS_TOPIC'
      Path: /
  DownloadFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      Handler: 'com.mycompany.download.LambdaFunction::lambdaHandler'
      MemorySize: '256'
      Description: A scheduled Lambda function
      FunctionName: Download
      # Fn::GetAtt takes the logical ID of the resource (DownloadRole), not its name property
      Role: !GetAtt 
        - DownloadRole
        - Arn
      Runtime: java8
      Timeout: '60'
    DependsOn:
      - DownloadRole
  # All four resources are siblings directly under Resources
  ScheduleRule:
    Type: 'AWS::Events::Rule'
    Properties:
      Name: DownloadFiles
      ScheduleExpression: 'cron(2,7,12,17,22,27,32,37,42,47,52,57 * * * ? *)'
      State: ENABLED
      Targets:
        - Arn: !GetAtt 
            - DownloadFunction
            - Arn
          Id: DownloadFiles
    DependsOn:
      - DownloadFunction
  LambdaInvokePermission:
    Type: 'AWS::Lambda::Permission'
    Properties:
      FunctionName: !GetAtt 
        - DownloadFunction
        - Arn
      Action: 'lambda:InvokeFunction'
      Principal: events.amazonaws.com
      # SourceArn is a single ARN, not a list
      SourceArn: !GetAtt 
        - ScheduleRule
        - Arn
    DependsOn:
      - DownloadFunction
      - ScheduleRule
```
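The difference between the two templates comes down to two structural points: `Fn::GetAtt` names a resource's logical ID (the key under `Resources`), never a `FunctionName` property, and every resource must sit directly under `Resources`, whereas in the question `ScheduleRule` and `LambdaInvokePermission` were indented inside `GetHelloWorld`. The following added example (not code from the question, the answer or AWS) is a small static check for exactly those mistakes plus the list-valued `SourceArn`; it works on an already-parsed template, so the abbreviated copy of the question's template is constructed inline as a Python dict and no YAML library is needed.

```python
RESOURCE_KEYS = {"Type", "Properties", "DependsOn", "Condition", "Metadata",
                 "DeletionPolicy", "UpdateReplacePolicy", "CreationPolicy", "UpdatePolicy"}

def getatt_targets(node):
    """Yield the logical ID named by every Fn::GetAtt found under node."""
    if isinstance(node, dict):
        if "Fn::GetAtt" in node:  # long form [Id, Attr] or short form "Id.Attr"
            arg = node["Fn::GetAtt"]
            yield arg[0] if isinstance(arg, list) else arg.split(".")[0]
        for value in node.values():
            yield from getatt_targets(value)
    elif isinstance(node, list):
        for item in node:
            yield from getatt_targets(item)

def lint_template(template):
    """Return a list of findings; an empty list means the template passes."""
    findings, resources = [], template.get("Resources", {})
    stack = list(resources.items())
    while stack:
        logical_id, body = stack.pop()
        for key in sorted(set(body) - RESOURCE_KEYS):
            findings.append(f"{logical_id}: unexpected key '{key}' "
                            "(a resource indented under another resource?)")
            if isinstance(body[key], dict) and "Type" in body[key]:
                stack.append((key, body[key]))  # lint the mis-nested resource too
        props = body.get("Properties", {})
        if body.get("Type") == "AWS::Lambda::Permission" and isinstance(props.get("SourceArn"), list):
            findings.append(f"{logical_id}: SourceArn must be one ARN, not a list")
    for target in getatt_targets(resources):
        if target not in resources:
            findings.append(f"Fn::GetAtt names '{target}', which is not a logical ID under Resources")
    return findings

# Constructed, abbreviated form of the question's template: ScheduleRule and
# LambdaInvokePermission are indented under GetHelloWorld instead of Resources.
QUESTION = {"Resources": {
    "RoleForLambda": {"Type": "AWS::IAM::Role", "Properties": {}},
    "GetHelloWorld": {"Type": "AWS::Serverless::Function",
        "Properties": {"Role": {"Fn::GetAtt": ["RoleForLambda", "Arn"]}},
        "ScheduleRule": {"Type": "AWS::Events::Rule", "Properties": {
            "Targets": [{"Arn": {"Fn::GetAtt": ["GetHelloWorld", "Arn"]}}]}},
        "LambdaInvokePermission": {"Type": "AWS::Lambda::Permission", "Properties": {
            "SourceArn": [{"Arn": {"Fn::GetAtt": ["ScheduleRule", "Arn"]}}]}}}}}

if __name__ == "__main__":
    for finding in lint_template(QUESTION):
        print(finding)
```

Run against the question's template this reports the two mis-nested resources, the list-valued `SourceArn`, and the `Fn::GetAtt` to `ScheduleRule` that resolves to nothing at the `Resources` level; the answer's template, with all four resources as siblings, produces no findings.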