Serverless resource deployment status stuck at "CREATE_IN_PROGRESS"

Time: 2020-06-25 12:48:49

Tags: amazon-web-services elasticsearch amazon-cloudformation serverless

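I created a serverless resource for Elasticsearch with all the necessary policies. We are using Seed to build and deploy to the CloudFormation stack. The policy has been created, the Elasticsearch domain is being created, and the policy has also been attached to the domain. But it takes a very long time; even after waiting an hour or so, the status is still "CREATE_IN_PROGRESS". The process has not completed.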

I tried it without the policy, and in that case the Elasticsearch domain was created without taking much time.

Any suggestions?

Update: the serverless resources

Resources:
  ElasticSearchInstance:
    Type: AWS::Elasticsearch::Domain
    Properties:
      ElasticsearchVersion: 7.4
      DomainName: ${self:custom.stage}-domainName
      EBSOptions:
        EBSEnabled: true
        VolumeType: gp2
        VolumeSize: 10
      ElasticsearchClusterConfig:
        InstanceType: "t2.small.elasticsearch"
        InstanceCount: 1
        DedicatedMasterEnabled: false
        ZoneAwarenessEnabled: false
      CognitoOptions:
          Enabled: true
          IdentityPoolId:
            Ref: CognitoIdentityPool
          RoleArn:
            Fn::GetAtt: [ElasticSearchLambdaServiceRole, Arn]
          UserPoolId:
            Ref: CognitoUserPool

  ElasticSearchLambdaServiceRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: ElasticSearchLambdaServiceRole
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - es.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: ElasticSearchAccessPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # # Policy same as "AmazonESCognitoAccess"
              - Effect: "Allow"
                Action:
                  - "cognito-idp:DescribeUserPool"
                  - "cognito-idp:DescribeUserPoolClient"
                  - "cognito-idp:AdminInitiateAuth"
                  - "cognito-idp:AdminUserGlobalSignOut"
                  - "cognito-idp:ListUserPoolClients"
                  - "cognito-identity:DescribeIdentityPool"
                  - "cognito-identity:SetIdentityPoolRoles"
                  - "cognito-identity:GetIdentityPoolRoles"
                Resource: "*"
              - Effect: "Allow"
                Action: "iam:PassRole"
                Resource: "*"
                Condition:
                  StringLike:
                    "iam:PassedToService": "cognito-identity.amazonaws.com"
              - Effect: Allow
                Action: "es:ESHttpGet"
                Resource: "*"
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource:
                  - 'Fn::Join':
                      - ':'
                      -
                        - 'arn:aws:logs'
                        - Ref: 'AWS::Region'
                        - Ref: 'AWS::AccountId'
                        - 'log-group:/aws/lambda/*:*:*'
              - Effect: "Allow"
                Action:
                  - "es:*"
                Resource:
                  - 'Fn::Join':
                      - ''
                      -
                        - 'arn:aws:es:'
                        - Ref: 'AWS::Region'
                        - ':'
                        - Ref: 'AWS::AccountId'
                        - ':domain/'
                        - "${self:custom.stage}-domainName"
                        - '/*'

0 answers:

No answers