Circular dependency in an AWS Lambda function template

Time: 2018-01-26 07:12:14

Tags: amazon-web-services aws-lambda

Below is the template.yaml for the Lambda function. I am trying to add permission to access the status database. But it requires the database to exist, and vice versa, so I get a circular dependency error for DynamoDBIamPolicy. How do I solve this?

AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Description: An AWS Serverless Specification template describing your function.
Resources:
  friendTeachers:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: friendTeachers/index.handler
      Runtime: nodejs6.10
      Description: ''
      MemorySize: 128
      Timeout: 15
  status:
    Type: 'AWS::DynamoDB::Table'
    Properties:
      TableName: status
      AttributeDefinitions:
        - AttributeName: screenName
          AttributeType: S
      KeySchema:
        - AttributeName: screenName
          KeyType: HASH
      ProvisionedThroughput:
        ReadCapacityUnits: 1
        WriteCapacityUnits: 1
  # A policy is a resource that states one or more permissions. It lists actions, resources and effects.
  DynamoDBIamPolicy: 
    Type: 'AWS::IAM::Policy'
    DependsOn: status
    Properties:
      PolicyName: lambda-dynamodb
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - dynamodb:DescribeTable
              - dynamodb:Query
              - dynamodb:Scan
              - dynamodb:GetItem
              - dynamodb:PutItem
              - dynamodb:UpdateItem
              - dynamodb:DeleteItem
              - dynamodb:BatchWriteItem
            Resource: arn:aws:dynamodb:*:*:table/status
      Roles:
        - Ref: IamRoleLambdaExecution

1 answer:

Answer 0 (score: 0)

You are missing a role that states the Lambda service may AssumeRole it. That role needs an associated policy that specifies the actions that may be performed on the DynamoDB table. Below is an example showing what you are trying to accomplish:

---
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Description: An AWS Serverless Specification template describing your function.
Parameters:
  # Declared here so the Ref calls under Code resolve; the note below says the
  # bucket and key are supplied as stack parameters.
  LambdaCodeBucket:
    Type: String
    Description: S3 bucket holding the packaged function code
  LambdaCodePath:
    Type: String
    Description: S3 key of the packaged function code
Resources:
  friendTeachersFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket:
          Ref: LambdaCodeBucket
        S3Key:
          Ref: LambdaCodePath
      Handler: friendTeachers/index.handler
      Runtime: "nodejs6.10"
      Description: ''
      MemorySize: 128
      Timeout: 15
      Role:
        Fn::GetAtt:
        - friendTeachersExecutionRole
        - Arn
  friendTeachersExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
          Action:
          - sts:AssumeRole
      Policies:
      - PolicyName: UseDBPolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
              - dynamodb:DescribeTable
              - dynamodb:Query
              - dynamodb:Scan
              - dynamodb:GetItem
              - dynamodb:PutItem
              - dynamodb:UpdateItem
              - dynamodb:DeleteItem
              - dynamodb:BatchWriteItem
            Resource: arn:aws:dynamodb:*:*:table/status
  APIDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: status
      AttributeDefinitions:
        - AttributeName: screenName
          AttributeType: S
      KeySchema:
        - AttributeName: screenName
          KeyType: HASH
      ProvisionedThroughput:
        ReadCapacityUnits: 1
        WriteCapacityUnits: 1

Note that Code.S3Bucket and Code.S3Key are defined as parameters. When you create the stack in the AWS Console, you can specify their values there.
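The question's error and the answer's fix both come down to the resource dependency graph CloudFormation derives from Ref, Fn::GetAtt and DependsOn. The following added example (not code from the question, the answer or AWS) builds that graph from a template held as a Python dict and reports the first cycle plus any reference to a logical ID the template never declares. The two sample templates are constructed: the "question-like" one adds a hypothetical reverse DependsOn on the table to stand in for the "vice versa" the asker describes, and the "answer-like" one mirrors the role-with-inline-policy layout above. Fn::Sub placeholders are not parsed, and a SAM transform's generated resources are not visible to a pre-transform check like this.

```python
"""Dependency-graph lint for a CloudFormation template given as a dict.

Walks Ref / Fn::GetAtt / DependsOn to build resource -> resource edges, then
reports (a) the first dependency cycle and (b) references to names that are
neither resources nor parameters (the question's IamRoleLambdaExecution).
"""
from typing import Any, Dict, List, Set, Tuple

# Pseudo parameters CloudFormation resolves itself; never a dependency.
PSEUDO_PARAMETERS = {
    "AWS::AccountId", "AWS::NotificationARNs", "AWS::NoValue", "AWS::Partition",
    "AWS::Region", "AWS::StackId", "AWS::StackName", "AWS::URLSuffix",
}


def collect_references(node: Any, out: Set[str]) -> None:
    """Recursively gather logical IDs named by Ref and Fn::GetAtt.
    Fn::Sub "${X}" placeholders are not parsed (assumption of this example)."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                out.add(value)
            elif key == "Fn::GetAtt":
                if isinstance(value, list) and value:
                    out.add(str(value[0]))
                elif isinstance(value, str):  # "LogicalId.Attribute" form
                    out.add(value.split(".", 1)[0])
            else:
                collect_references(value, out)
    elif isinstance(node, list):
        for item in node:
            collect_references(item, out)


def build_graph(template: Dict[str, Any]) -> Tuple[Dict[str, Set[str]], Dict[str, List[str]]]:
    """Return (edges, dangling): edges[r] = resources r needs created first;
    dangling[r] = names r refers to that the template never defines."""
    resources = template.get("Resources", {})
    parameters = set(template.get("Parameters", {}))
    edges: Dict[str, Set[str]] = {}
    dangling: Dict[str, List[str]] = {}
    for logical_id, body in resources.items():
        names: Set[str] = set()
        collect_references(body.get("Properties", {}), names)
        depends_on = body.get("DependsOn", [])  # string or list, outside Properties
        names.update([depends_on] if isinstance(depends_on, str) else depends_on)
        edges[logical_id] = {n for n in names if n in resources}
        missing = sorted(n for n in names if n not in resources
                         and n not in parameters and n not in PSEUDO_PARAMETERS)
        if missing:
            dangling[logical_id] = missing
    return edges, dangling


def find_cycle(edges: Dict[str, Set[str]]) -> List[str]:
    """DFS with on-path / finished marking; returns the first cycle as a path
    that starts and ends on the same node, or [] when the graph is acyclic."""
    state: Dict[str, int] = {}  # 1 = on current path, 2 = finished
    path: List[str] = []

    def visit(node: str) -> List[str]:
        state[node] = 1
        path.append(node)
        for nxt in sorted(edges[node]):
            if state.get(nxt) == 1:  # back edge: the cycle closes here
                return path[path.index(nxt):] + [nxt]
            if nxt not in state:
                found = visit(nxt)
                if found:
                    return found
        path.pop()
        state[node] = 2
        return []

    for node in sorted(edges):
        if node not in state:
            found = visit(node)
            if found:
                return found
    return []


def lint(template: Dict[str, Any]) -> Dict[str, Any]:
    edges, dangling = build_graph(template)
    return {"cycle": find_cycle(edges), "dangling": dangling}


# Constructed input modelled on the question: policy waits for the table, the
# table (hypothetically) waits for the policy, and the policy attaches to a
# role the template never declares.
CYCLIC_TEMPLATE = {"Resources": {
    "friendTeachers": {"Type": "AWS::Serverless::Function",
                       "Properties": {"Handler": "friendTeachers/index.handler"}},
    "status": {"Type": "AWS::DynamoDB::Table", "DependsOn": "DynamoDBIamPolicy",
               "Properties": {"TableName": "status"}},
    "DynamoDBIamPolicy": {"Type": "AWS::IAM::Policy", "DependsOn": "status",
                          "Properties": {"Roles": [{"Ref": "IamRoleLambdaExecution"}]}},
}}

# Constructed input modelled on the answer: function -> role, role's inline
# policy names the table ARN as a plain string, code location from parameters.
ACYCLIC_TEMPLATE = {
    "Parameters": {"LambdaCodeBucket": {"Type": "String"}, "LambdaCodePath": {"Type": "String"}},
    "Resources": {
        "friendTeachersFunction": {"Type": "AWS::Lambda::Function", "Properties": {
            "Code": {"S3Bucket": {"Ref": "LambdaCodeBucket"}, "S3Key": {"Ref": "LambdaCodePath"}},
            "Role": {"Fn::GetAtt": ["friendTeachersExecutionRole", "Arn"]}}},
        "friendTeachersExecutionRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
            {"PolicyName": "UseDBPolicy", "PolicyDocument": {"Statement": [
                {"Effect": "Allow", "Action": ["dynamodb:GetItem"],
                 "Resource": "arn:aws:dynamodb:*:*:table/status"}]}}]}},
        "APIDynamoDBTable": {"Type": "AWS::DynamoDB::Table", "Properties": {"TableName": "status"}},
    },
}

if __name__ == "__main__":
    for label, tpl in (("question-like", CYCLIC_TEMPLATE), ("answer-like", ACYCLIC_TEMPLATE)):
        print(label, lint(tpl))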