个人中心
gpt4 book ai didi

amazon-web-services - 资源之间的循环依赖 AWS::S3/LAMBDA

转载 作者:行者123 更新时间:2023-12-03 07:15:18 25 4
gpt4 key购买 nike

描述:将 AWS::Serverless::Function 定义为 AWS::S3::Bucket 的触发器时,目前无法使用受限访问的 SAM 预定义策略。

例如,让我们看一下以下模板:

Resources:

  BlobsBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "blobs-${AWS::AccountId}-${AWS::Region}"


  ProcessBlobFunction:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Properties:
      CodeUri: blobsprjct/
      Handler: processBlob.lambda_handler
      Runtime: python3.8
      Policies:
        - S3ReadPolicy:
            BucketName: !Sub "blobs-${AWS::AccountId}-${AWS::Region}"
        - AmazonRekognitionFullAccess
      Events:
        BlobsBucket:
          Type: S3
          Properties:
            Bucket: !Ref BlobsBucket
            Events: s3:ObjectCreated:*

这将失败:

Error: Failed to create changeset for the stack: blob, ex: WaiterChangeSetCreateComplete failed: Waiter encountered a terminal failurestate: For expression "Status" we matched expected path: "FAILED"Status: FAILED. Reason: Circular dependency between resources:[ProcessBlobFunction, ProcessBlobFunctionBlobsBucketPermission,BlobsBucket]

所有资源都说要设置 BucketName - 我已经有了它,我还添加了权限(不确定是否需要,导致错误保持更大的 1 点)

  AllowS3ToCallLambdaPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: !Ref ProcessBlobFunction
      Principal: s3.amazonaws.com
      SourceArn: !GetAtt BlobsBucket.Arn

这将会失败:

Error: Failed to create changeset for the stack: blob, ex: WaiterChangeSetCreateComplete failed: Waiter encountered a terminal failurestate: For expression "Status" we matched expected path: "FAILED"Status: FAILED. Reason: Circular dependency between resources:[ProcessBlobFunction, ProcessBlobFunctionBlobsBucketPermission,AllowS3ToCallLambdaPermission, BlobsBucket]

我被困了很长时间找不到解决方案。

最佳答案

不要在函数中使用!Ref BlobsBucket。您的存储桶具有固定且预定义的名称。因此请使用名称:

Bucket: !Sub "blobs-${AWS::AccountId}-${AWS::Region}"

权限中的存储桶 ARN 也是如此。另外,您可以添加DependsOn强制资源创建的正确顺序。

关于amazon-web-services - 资源之间的循环依赖 AWS::S3/LAMBDA,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/68447965/

25 4 0
文章推荐: json - CFT 模板错误:Fn::If 中未解决条件依赖性 UseDBSnapshot
文章推荐: c++ - 禁用快速编辑模式时,SetConsoleMode返回ERROR_INVALID_PARAMETER
文章推荐: c++ - 如何在C++中将整数链接列表递归拆分为奇数和偶数列表?
文章推荐: amazon-web-services - AWS EFS 的访问点
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com