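S3 put CloudFormation Lambda trigger

Time: 2017-11-16 19:41:54

Tags: amazon-s3 triggers aws-lambda amazon-cloudformation

I need some help writing CloudFormation that is triggered by an S3 put. From reading the docs I see you need a NotificationConfiguration, with the event and function specified, in the bucket definition, but I keep getting the error "Unable to validate the following destination configurations" and it breaks and rolls back the update. Can someone take a look at my CF script and determine what I'm doing wrong? I think the problem may be in NotificationConfiguration or rLambdaInvokePermission, but I'm not sure I understand!

Here is my yaml: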

Resources:
  rAppBucketS3Policy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref rS3bucket
      PolicyDocument:
        Statement:
          # SSL access enforced
            - Sid: EnforceSecureTransport
              Action: s3:*
              Effect: Deny
              Principal: '*'
              Resource: !Join ["",[ "arn:aws:s3:::", Ref: rS3bucket, '/*' ] ]
              Condition:
                Bool:
                  aws:SecureTransport: 'false'
            - Sid: EnforceEncryptionOnPut
              Effect: Deny
              Principal: '*'
              Action: s3:PutObject
              Resource: !Join ["",[ "arn:aws:s3:::", Ref: rS3bucket, '/*' ] ]
              Condition:
                StringNotEquals:
                  s3:x-amz-server-side-encryption: AES256


  rLambdaInvokePermission:
    #DependsOn: "int1-draps-us-east-1"
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: us-east-1-upload
      #FunctionName: !GetAtt rUploadLambda.Arn
      Action: lambda:InvokeFunction
      Principal: s3.amazonaws.com
      SourceArn: !GetAtt rS3bucket.Arn

  rS3bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      BucketName: !Sub ${pAWSAccountLC}-${pParentVPCLC}-${pAppNameLC}-${AWS::Region}
      CorsConfiguration:
        CorsRules:
        - AllowedHeaders: [ChecksumValue, CheckDate]
          AllowedMethods: [GET, PUT, POST, DELETE]
          ExposedHeaders: [ChecksumValue, CheckDate]
          AllowedOrigins: ['*']
      LifecycleConfiguration:
        Rules:
          - Id: Transition1day
            Status: Enabled
            Transitions:
              - TransitionInDays: !Ref pS3GLACIERTransitionPeriod
                StorageClass: GLACIER
      NotificationConfiguration:
        LambdaConfigurations:
          -
            Event: "s3:ObjectCreated:*"
            Function:
              Fn::ImportValue:
                Fn::Sub: "us-east-1-upload-rUploadLambda"

0 answers:

No answers