我试图通过以下方式为所有lambda函数启用aws-xray:
serverless.yml
provider:
tracing:
lambda: true
apiGateway: true
name: aws
runtime: nodejs8.10
stage: ${opt:stage, 'dev'}
region: ${opt:region, 'ca-central-1'}
service.ts
import * as AWS from 'aws-sdk'
import * as AWSXRay from 'aws-xray-sdk'
const XAWS = AWSXRay.captureAWS(AWS)
const docClient: DocumentClient = new XAWS.DynamoDB.DocumentClient()
const s3 = new XAWS.S3({signatureVersion: 'v4'})
在sls deploy之后,出现以下错误:
An error occurred: <some_lambda funcion> - The provided execution role does not have permissions to call PutTraceSegments on XRAY (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: 364243f8-8847-48ef-87ad-75da2537e7f7).
我不确定是什么问题。我也尝试过部署:
iamRoleStatements:
- Effect: Allow
Action:
- "xray:PutTraceSegments"
- "xray:PutTelemetryRecords"
Resource:
- "*"
还是同样的问题。
我非常感谢您的帮助,因为我不知道为什么会出现问题,尤其是因为我有另一个项目以完全相同的方式启用了跟踪,而没有任何问题!
package.json:
{
"name": "mini-twitter",
"version": "1.0.0",
"description": "Serverless Mini-Twitter app",
"dependencies": {
"aws-xray-sdk": "^2.2.0",
"source-map-support": "^0.5.11",
},
"devDependencies": {
"@types/aws-lambda": "^8.10.17",
"@types/node": "^10.14.4",
"aws-sdk": "^2.433.0",
"serverless-iam-roles-per-function": "^1.0.4",
"serverless-webpack": "^5.2.0",
"ts-loader": "^5.3.3",
"typescript": "^3.4.1",
}
}
答案 0 :(得分:3)
您需要安装插件:
就像Gareth McCumskey的评论一样(谢谢!)
只需使用:
serverless plugin install --name serverless-plugin-tracing
或手动执行:
npm install --save-dev serverless-plugin-tracing
并在您的serverless.yml上启用它:
plugins:
- serverless-plugin-tracing
现在您的文件如下所示:
provider:
name: aws
stage: test
tracing: true # enable tracing
iamRoleStatements:
- Effect: "Allow" # xray permissions (required)
Action:
- "xray:PutTraceSegments"
- "xray:PutTelemetryRecords"
Resource:
- "*"
plugins:
- serverless-plugin-tracing
更多信息: https://serverless.com/plugins/serverless-plugin-tracing/
答案 1 :(得分:1)
如果允许
- Effect: Allow
Action:
- "xray:PutTraceSegments"
- "xray:PutTelemetryRecords"
Resource:
- "*"
不是全局的,那么您还应该确保在此处的lambda中提到的<some_lambda funcion>函数也应具有权限。也就是说,如果您使用的是serverless-iam-roles-per-function之类的插件
这适用于我的情况,但是我仍然没有找到问题的确切原因,因为其他人没有解决该问题。
答案 2 :(得分:0)
似乎sls deploy命令没有将X-Ray权限添加到IAM角色。您是否尝试过手动添加?
转到AWS控制台,导航至IAM,找到与部署相对应的角色,并将AWSXrayWriteOnlyAccess策略附加到该角色,然后查看其是否有效。