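I'm using Serverless for the first time, and I have a Lambda in a VPC that tries to add a payload to an SQS queue, which produces the following error: InvalidClientTokenId: The security token included in the request is invalid.

The error indicates that the access key is missing or invalid, which confuses me, so I'm asking for help. Here is my serverless.yml file.
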
service: my-service

provider:
  name: aws
  runtime: nodejs8.10
  stage: prod
  region: us-east-1
  timeout: 600
  memorySize: 512
  versionFunctions: false

  package:
    excludeDevDependencies: true
    exclude:
      - .git/**
      - .vscode/**
      - .test/**

  # Global Environment variables
  environment:
    ${file(./configs/${self:provider.stage}.yml)}

  # Permissions for all of your functions can be set here
  iamRoleStatements:
    # Gives permission to add to s3 buckets
    - Effect: Allow
      Action:
        - s3:PutObject
        - s3:DeleteObject
      Resource: "*"
    # Gives permission to Lambda execution
    - Effect: Allow
      Action:
        - lambda:InvokeFunction
        - lambda:InvokeAsync
      Resource: "*"
    # Gives permission to SQS
    - Effect: Allow
      Action:
        - sqs:DeleteMessage
        - sqs:ReceiveMessage
        - sqs:SendMessage
      Resource: "*"

custom:
  region: ${self:provider.region}
  stage: ${opt:stage, self:provider.stage}
  prefix: ${self:custom.stage}-${self:service}
  sqs-forms-schedule: ${self:custom.prefix}-messages-forms-schedule
  sqs-forms-late: ${self:custom.prefix}-messages-forms-late
  sqs-coc-schedule: ${self:custom.prefix}-messages-coc-schedule
  sqs-certificates-expired: ${self:custom.prefix}-messages-certificates-expired
  s3-coc-storage: ${self:custom.prefix}-storage-coc
  serverless-offline:
    host: '0.0.0.0'
  # Dev
  serverless-offline-sqs-esmq:
    apiVersion: '2012-11-05'
    endpoint: http://sqs:9324
    region: us-east-1
    accessKeyId: root
    secretAccessKey: root

plugins:
  - serverless-pseudo-parameters
  - serverless-plugin-aws-alerts
  - serverless-offline-scheduler
  - serverless-offline-sqs-esmq
  - serverless-offline

functions:
  ${file(serverless-dynamic.js)}

resources:
  Resources:
    # Policy to allow for VPC connection
    AWSLambdaVPCAccessExecutionRole:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        Description: Creating policy for vpc connection
        Roles:
          - { "Ref": "IamRoleLambdaExecution" }
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - ec2:CreateNetworkInterface
                - ec2:DescribeNetworkInterfaces
                - ec2:DeleteNetworkInterface
              Resource: "*"
    # SQS Queue to schedule a form for submission
    FormScheduleQueue:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: ${self:custom.sqs-forms-schedule}
        MessageRetentionPeriod: 1209600
        VisibilityTimeout: 60
    # SQS Queue to schedule a late form for reminder
    FormLateQueue:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: ${self:custom.sqs-forms-late}
        MessageRetentionPeriod: 1209600
        VisibilityTimeout: 60
    # SQS Queue to schedule a coc for submission
    COCScheduleQueue:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: ${self:custom.sqs-coc-schedule}
        MessageRetentionPeriod: 1209600
        VisibilityTimeout: 60
    # SQS Queue to schedule an expired certificate for reminder
    CertificatesExpiredQueue:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: ${self:custom.sqs-certificates-expired}
        MessageRetentionPeriod: 1209600
        VisibilityTimeout: 60

I have tried creating new access keys.

Here is the code that sends to SQS:

// `sqs` is the SQS client, created elsewhere (not shown in the post)
sendToQueue: (message, queue) => {
  const params = {
    QueueUrl: queue,
    MessageBody: JSON.stringify(message),
  };
  // Wrap the callback-style sendMessage call in a Promise
  return new Promise((resolve, reject) => {
    sqs.sendMessage(params, (error, data) => {
      if (error) {
        reject(error);
      } else {
        resolve(data);
      }
    });
  });
},
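
A check that can be run against the options the SQS client is built with, as an added example that is not part of the original post: it flags the dev-only `root`/`root` keys and emulator endpoint from `custom.serverless-offline-sqs-esmq` reaching a deployed Lambda, and a temporary key used without its session token. The helper names are hypothetical, the option names assume the AWS SDK for JavaScript v2 constructor, and `IS_OFFLINE` is the flag serverless-offline sets locally.

```javascript
'use strict';
// Added example, not code from the post. Helper names are hypothetical.

// Dev-only settings, copied from custom.serverless-offline-sqs-esmq above.
const OFFLINE_SQS = {
  apiVersion: '2012-11-05', endpoint: 'http://sqs:9324',
  region: 'us-east-1', accessKeyId: 'root', secretAccessKey: 'root',
};

// Locally: talk to the emulator. Deployed: pass no keys at all, so the SDK
// falls back to the execution role's temporary credentials.
function sqsOptionsFor(env = process.env) {
  return env.IS_OFFLINE
    ? { ...OFFLINE_SQS }
    : { apiVersion: '2012-11-05', region: env.AWS_REGION };
}

// Returns a list of findings for the options a client would be built with.
function auditSqsClientConfig(options = {}, env = process.env) {
  const findings = [];
  if (env.IS_OFFLINE) return findings; // emulator accepts placeholder keys
  const inLambda = Boolean(env.AWS_LAMBDA_FUNCTION_NAME);
  const keyId = options.accessKeyId || env.AWS_ACCESS_KEY_ID || '';
  // Explicit keys in the options are not combined with the env session token.
  const token = options.sessionToken ||
    (options.accessKeyId ? '' : env.AWS_SESSION_TOKEN || '');

  if (inLambda && options.accessKeyId) findings.push('static-keys-override-role');
  if (options.endpoint) findings.push('custom-endpoint-outside-offline');
  // Temporary (ASIA...) keys are only valid together with their session token.
  if (keyId.startsWith('ASIA') && !token) {
    findings.push('temporary-key-without-session-token');
  }
  if (keyId && !/^(AKIA|ASIA)[A-Z0-9]+$/.test(keyId)) {
    findings.push('key-id-not-aws-format');
  }
  return findings;
}

// Constructed sample environment resembling a deployed Lambda (values are fake).
const sampleLambdaEnv = {
  AWS_LAMBDA_FUNCTION_NAME: 'prod-my-service-example', AWS_REGION: 'us-east-1',
  AWS_ACCESS_KEY_ID: 'ASIAEXAMPLEEXAMPLE00', AWS_SESSION_TOKEN: 'constructed-token',
};
console.log(auditSqsClientConfig(OFFLINE_SQS, sampleLambdaEnv));
console.log(auditSqsClientConfig(sqsOptionsFor(sampleLambdaEnv), sampleLambdaEnv));
```

Logging the result of `auditSqsClientConfig` once at cold start exposes a misrouted dev configuration without printing any secret value.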