使用localstack从另一个Lambda调用Lambda时发生UnrecognizedClientException

时间:2019-08-08 20:29:04

标签: amazon-web-services aws-lambda invoke localstack

我正在使用此docker-compose.yml文件在docker容器中运行localstack。

version: '2.1'

services:
  localstack:
    image: localstack/localstack
    ports:
      - "4567-4597:4567-4597"
      - "${PORT_WEB_UI-8080}:${PORT_WEB_UI-8080}"
    environment:
      - SERVICES=${SERVICES- }
      - DEBUG=1
      - DATA_DIR=${DATA_DIR- }
      - PORT_WEB_UI=${PORT_WEB_UI- }
      - LAMBDA_EXECUTOR=docker
      - KINESIS_ERROR_PROBABILITY=${KINESIS_ERROR_PROBABILITY- }
      - DOCKER_HOST=unix:///var/run/docker.sock
    volumes:
      - "${TMPDIR:-/tmp/localstack}:/tmp/localstack"
      - "/var/run/docker.sock:/var/run/docker.sock"

要启动本地堆栈,我运行TMPDIR=/private$TMPDIR docker-compose up

我创建了两个lambda。当我运行aws lambda list-functions --endpoint-url http://localhost:4574 --region=us-east-1时,这是输出。

{
"Functions": [
    {
        "TracingConfig": {
            "Mode": "PassThrough"
        },
        "Version": "$LATEST",
        "CodeSha256": "qmDiumefhM0UutYv32By67cj24P/NuHIhKHgouPkDBs=",
        "FunctionName": "handler",
        "LastModified": "2019-08-08T17:56:58.277+0000",
        "RevisionId": "ffea379b-4913-420b-9444-f1e5d51b5908",
        "CodeSize": 5640253,
        "FunctionArn": "arn:aws:lambda:us-east-1:000000000000:function:handler",
        "Environment": {
            "Variables": {
                "DB_NAME": "somedbname",
                "IS_PRODUCTION": "FALSE",
                "SERVER": "xxx.xxx.xx.xxx",
                "DB_PASS": "somepass",
                "DB_USER": "someuser",
                "PORT": "someport"
            }
        },
        "Handler": "handler",
        "Role": "r1",
        "Timeout": 3,
        "Runtime": "go1.x",
        "Description": ""
    },
    {
        "TracingConfig": {
            "Mode": "PassThrough"
        },
        "Version": "$LATEST",
        "CodeSha256": "wbT8YzTsYW4sIOAXLtjprrveq5NBMVUaa2srNvwLxM8=",
        "FunctionName": "paymentenginerouter",
        "LastModified": "2019-08-08T18:00:28.923+0000",
        "RevisionId": "bd79cb2e-6531-4987-bdfc-25a5d87e93f4",
        "CodeSize": 6602279,
        "FunctionArn": "arn:aws:lambda:us-east-1:000000000000:function:paymentenginerouter",
        "Environment": {
            "Variables": {
                "DB_QUERY_LAMBDA": "handler",
                "AWS_REGION": "us-east-1"
            }
        },
        "Handler": "handler",
        "Role": "r1",
        "Timeout": 3,
        "Runtime": "go1.x",
        "Description": ""
    }
]

}

paymentenginerouter代码中,我试图通过以下方式调用handler lambda:

    lambdaParams := &invoke.InvokeInput{
    FunctionName:   aws.String(os.Getenv("DB_QUERY_LAMBDA")),
    InvocationType: aws.String("RequestResponse"),
    LogType:        aws.String("Tail"),
    Payload:        payload,
}
result, err := svc.Invoke(lambdaParams)
if err != nil {
    resp.StatusCode = 500
    log.Fatal("Error while invoking lambda:\n", err.Error())
}

invoke是导入位置:invoke "github.com/aws/aws-sdk-go/service/lambda"

通过以下方式运行paymentenginerouter lambda时:

aws lambda invoke --function paymentenginerouter --payload  '{ "body": "{\"id\":\"12\",\"internalZoneCode\":\"xxxxxx\",\"vehicleId\":\"xxxxx\",\"vehicleVrn\":\"vehicleVrn\",\"vehicleVrnState\":\"vehicleVrnState\",\"durationInMinutes\":\"120\",\"verification\":{\"Token\":null,\"lpn\":null,\"ZoneCode\":null,\"IsExtension\":null,\"ParkingActionId\":null},\"selectedBillingMethodId\":\"xxxxxx\",\"startTimeLocal\":\"2019-07-29T11:36:47\",\"stopTimeLocal\":\"2019-07-29T13:36:47\",\"vehicleVin\":null,\"orderId\":\"1\",\"parkingActionType\":\"OnDemand\",\"digitalPayPaymentInfo\":{\"Provider\":\"<string>\",\"ChasePayData\":{\"ConsumerIP\":\"xxxx\",\"DigitalSessionID\":\"xxxx\",\"TransactionReferenceKey\":\"xxxx\"}}}"
}' --endpoint-url=http://localhost:4574 --region=us-east-1 out --debug

我收到此错误:

localstack_1  | 2019/08/08 20:02:28 Error while invoking lambda:
localstack_1  | UnrecognizedClientException: The security token included in the request is invalid.
localstack_1  |     status code: 403, request id: bd4e3c15-47ae-44a2-ad6a-376d78d8fd92

注意

可以直接通过cli调用handler lambda,而不会出错:

aws lambda invoke --function handler --payload '{"body": "SELECT TOKEN, NAME, CREATED, ENABLED, TIMESTAMP FROM dbo.PAYMENT_TOKEN WHERE BILLING_METHOD_ID='xxxxxxx'"}' --endpoint-url=http://localhost:4574 --region=us-east-1 out --debug

我认为AWS凭证是根据localstack中的环境变量设置的,但我可能会误会。知道如何解决这个问题吗?

我对AWS lambda很陌生,对于localstack来说绝对不是菜鸟,所以请询问更多详细信息是否需要它们。我的描述中可能会丢失一些关键信息。

1 个答案:

答案 0 :(得分:0)

您收到The security token included in the request is invalid.的错误消息意味着您的lambda尝试使用无效的凭据调出真实的AWS,而不是转到Localstack。

在localstack中运行lambda时,lambda代码本身必须调出localstack中托管的任何AWS服务时,您将需要确保将使用的所有端点都重定向到localstack。

为此,在本地堆栈中有一个已记录的功能:

https://github.com/localstack/localstack#configurations

  

LOCALSTACK_HOSTNAME:提供LocalStack服务的主机的名称。   为了从Lambda函数中访问服务,这是必需的   (例如,将项目从Lambda存储到DynamoDB或S3)。变量   LOCALSTACK_HOSTNAME可用于本地Lambda执行   (LAMBDA_EXECUTOR = local)并在单独的Docker容器中执行   (LAMBDA_EXECUTOR = docker)。

在您的lambda代码中,请确保您使用此环境变量来设置主机名(在http://之前加上本地堆栈中该服务的端口号,例如dynamodb的:4569)。这样可以确保将呼叫转到正确的位置。

Go代码段中的示例,该示例将被添加到您正在调用DynamoDB的lambda中:

awsConfig.WithEndpoint("http://" + os.Getenv("LOCALSTACK_HOSTNAME") + ":4569")
相关问题
最新问题