我接管了一些代码,在这些代码中,我对其最初的构建方式没有任何了解,我唯一的任务是“部署到 AWS”。这是一个使用 cloudformation、lambda、s3、cognito 和 dynamoDb 的 SAM 应用程序。
我已安装 aws-cli 和 aws-sam-cli 并尽我所能配置 IAM,但在尝试部署时遇到以下错误:
Creating the required resources...
Error: Failed to create managed resources: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state: For expression "Status" we matched expected path: "FAILED"
值得注意的是,在阅读 AWS 示例 hello-world SAM 教程时,我得到了同样的信息。 https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-getting-started-hello-world.html
本教程没有提到对其代码进行任何修改,这是它附带的 template.yml。
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
test-app
Sample SAM Template for test-app
# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
Function:
Timeout: 3
Resources:
HelloWorldFunction:
Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
Properties:
CodeUri: hello-world/
Handler: app.lambdaHandler
Runtime: nodejs14.x
Events:
HelloWorld:
Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
Properties:
Path: /hello
Method: get
Outputs:
# ServerlessRestApi is an implicit API created out of Events key under Serverless::Function
# Find out more about other implicit resources you can reference within SAM
# https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
HelloWorldApi:
Description: "API Gateway endpoint URL for Prod stage for Hello World function"
Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/hello/"
HelloWorldFunction:
Description: "Hello World Lambda Function ARN"
Value: !GetAtt HelloWorldFunction.Arn
HelloWorldFunctionIamRole:
Description: "Implicit IAM Role created for Hello World function"
Value: !GetAtt HelloWorldFunctionRole.Arn
我在网上看到了其他类似的错误,答案是 yaml 格式不正确,但我认为来自 AWS 的 template.yml 是正确的。我想我的问题是 - 出了什么问题,我该如何解决?有没有办法知道 IAM 权限是否正确?我授予了对 lamdba、cloudformation、cognito 用户池、api 网关和 iam:listPolicies 的所有访问权限(除了已经存在的 dynamodb、s3 权限)
我使用了 sam validate 并且它返回成功,所以我不确定还可以尝试什么。我在部署之前执行了 sam build
步骤,我以 deploy --guided
和 deploy --guided --capabilities CAPABILITY_IAM
和 deploy --guided --capabilities CAPABILITY_NAMED_IAM
运行部署命令,但都没有运气。