我正在使用无服务器框架来部署和编程aws lambda函数,并且由于我的函数已经准备好投入生产,因此我需要删除敏感密钥并决定使用aws系统管理器(ssm参数存储)在aws中使用这些密钥。安全的方式,但是在部署时,我收到以下与使用这些密钥有关的错误消息。我认为这可能与我与lambda手动关联的Iam角色有关,但是我不确定会发生什么。
错误:
Serverless Information ----------------------------------
##########################################################################################
# 47555: 0 of 2 promises have settled
# 47555: 2 unsettled promises:
# 47555: ssm:mg-production-domain~true waited on by: undefined
# 47555: ssm:mg-production-api-key~true waited on by: undefined
# This can result from latent connections but may represent a cyclic variable dependency
##########################################################################################
YAML:
provider:
name: aws
runtime: nodejs10.x
stage: dev
region: us-east-1
environment:
MG_PRODUCTION_DOMAIN: ${ssm:mg-production-domain~true}
MG_PRODUCTION_API_KEY: ${ssm:mg-production-api-key~true}
这是我添加到lambda的Iam Role策略,但是我相信通过YAML文件添加Iam Role可能是一种更好的方法:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ssm:DescribeParameters",
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "ssm:GetParameters",
"Resource": "arn:aws:ssm:us-east-1:*account-id*:parameter/*"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "ssm:GetParameter",
"Resource": "arn:aws:ssm:us-east-1:*account-id*:parameter/*"
}
]
}