aws-cloudformation - Cloudformation: create a Lambda and its associated role

Reposted. Author: 行者123. Updated: 2023-12-03 07:33:43

Cloudformation is driving me mad... I have the following cloudformation script:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Lambda Function + IAM role Resources",
  "Resources": {
    "NFTCalculateCIDLambdaRole": {
      "Type": "AWS::IAM::Role",
      "DeletionPolicy": "Retain",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "Description": "Role for execute CalculateCID lambda function",
        "ManagedPolicyArns": [
          "arn:aws:iam::670818552530:policy/PutLogsEventPolicy",
          "arn:aws:iam::aws:policy/AmazonS3FullAccess"
        ],
        "RoleName": "NFT-CalculateCIDLambdaRoleTEST"
      }
    },
    "InterpolazioneRole": {
      "Fn::Join": [
        "", [
          "arn:aws:iam::",
          {
            "Ref": "AWS::Account"
          },
          ":role/",
          {
            "Fn::GetAtt": ["CalculateCIDLambdaRole", "RoleName"]
          }
        ]
      ]
    },
    "CalculateCID": {
      "Type": "AWS::Lambda::Function",
      "DeletionPolicy": "Retain",
      "Properties": {
        "Code": {
          "S3Bucket": "deploy-stack",
          "S3Key": "CalculateCID-3496f166-0f1d-40b4-8766-c5d29e4950ff.zip"
        },
        "Description": "Calculates the CID for a given filename",
        "Environment": {
          "Variables": {
            "DELETE_S3_FILE_AFTER_PROCESSING": "true",
            "TMP_DOWNLOAD_BUCKET": "content-temporary-files"
          }
        },
        "FunctionName": "CalculateCID",
        "PackageType": "Zip",
        "Role": "Fn::Join",
        "Runtime": "nodejs12.x"
      }
    }
  }
}

But when I execute it, I get:

An error occurred (ValidationError) when calling the CreateStackSet operation: Invalid template resource property 'Fn::Join' (Service: AmazonCloudFormation; Status Code: 400; Error Code: ValidationError; Request ID: 106e6351-a4b9-41a4-9d8d-fe2ff6902e87; Proxy: null)

The problem is that I don't know how to pass the arn generated in the previous step... Can someone help me?

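Best answer

For a Lambda function, the role must be specified by its Arn. You can use the return values from this documentation of the IAM resource. You are trying to create a resource with the Join function, which you cannot do. Reference the IAM role's arn directly from the Lambda.

Update your Cloudformation Role property with Fn::GetAtt and remove the unused resource.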

"Role": {"Fn::GetAtt": ["NFTCalculateCIDLambdaRole", "Arn"]}

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Lambda Function + IAM role Resources",
  "Resources": {
    "NFTCalculateCIDLambdaRole": {
      "Type": "AWS::IAM::Role",
      "DeletionPolicy": "Retain",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "Description": "Role for execute CalculateCID lambda function",
        "ManagedPolicyArns": [
          "arn:aws:iam::670818552530:policy/PutLogsEventPolicy",
          "arn:aws:iam::aws:policy/AmazonS3FullAccess"
        ],
        "RoleName": "NFT-CalculateCIDLambdaRoleTEST"
      }
    },
    "CalculateCID": {
      "Type": "AWS::Lambda::Function",
      "DeletionPolicy": "Retain",
      "Properties": {
        "Code": {
          "S3Bucket": "deploy-stack",
          "S3Key": "CalculateCID-3496f166-0f1d-40b4-8766-c5d29e4950ff.zip"
        },
        "Description": "Calculates the CID for a given filename",
        "Environment": {
          "Variables": {
            "DELETE_S3_FILE_AFTER_PROCESSING": "true",
            "TMP_DOWNLOAD_BUCKET": "content-temporary-files"
          }
        },
        "FunctionName": "CalculateCID",
        "PackageType": "Zip",
        "Role": {"Fn::GetAtt": ["NFTCalculateCIDLambdaRole", "Arn"]},
        "Runtime": "nodejs12.x"
      }
    }
  }
}
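
The mistakes discussed above (an intrinsic function placed as an entry under Resources, references to logical IDs that do not exist, and Role set to the string "Fn::Join") can be caught before the template is submitted. The following Python check is an added example, not code from the question or the answer; the names `lint` and `refs` and the reduced sample templates are constructed for illustration, and only Ref and Fn::GetAtt references are followed.

```python
import re

ROLE_ARN = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/.+$")
PSEUDO = {"AWS::AccountId", "AWS::NotificationARNs", "AWS::NoValue", "AWS::Partition",
          "AWS::Region", "AWS::StackId", "AWS::StackName", "AWS::URLSuffix"}

def refs(node):
    """Yield every logical ID named by a Ref or Fn::GetAtt nested inside node."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        target = node.get("Fn::GetAtt")
        if target:  # short form is "LogicalId.Attribute", long form is a list
            yield target.split(".")[0] if isinstance(target, str) else target[0]
        for value in node.values():
            yield from refs(value)
    elif isinstance(node, list):
        for value in node:
            yield from refs(value)

def lint(template):
    """Return findings for the mistakes seen in the question's template."""
    resources = template.get("Resources", {})
    known = set(resources) | set(template.get("Parameters", {})) | PSEUDO
    findings = []
    for name, body in resources.items():
        if "Type" not in body:  # every entry under Resources must declare a Type
            findings.append(f"{name}: no Type, so {sorted(body)} is read as resource properties")
        for target in refs(body):
            if target not in known:
                findings.append(f"{name}: reference to undefined '{target}'")
        if body.get("Type") == "AWS::Lambda::Function":
            role = body.get("Properties", {}).get("Role")
            if isinstance(role, str) and not ROLE_ARN.match(role):
                findings.append(f"{name}: Role is the literal string '{role}', not an ARN")
    return findings

# Constructed samples: the question's and the answer's templates, reduced to the relevant keys.
BROKEN = {"Resources": {
  "NFTCalculateCIDLambdaRole": {"Type": "AWS::IAM::Role", "Properties": {}},
  "InterpolazioneRole": {"Fn::Join": ["", ["arn:aws:iam::", {"Ref": "AWS::Account"},
      ":role/", {"Fn::GetAtt": ["CalculateCIDLambdaRole", "RoleName"]}]]},
  "CalculateCID": {"Type": "AWS::Lambda::Function", "Properties": {"Role": "Fn::Join"}}}}
FIXED = {"Resources": {
  "NFTCalculateCIDLambdaRole": {"Type": "AWS::IAM::Role", "Properties": {}},
  "CalculateCID": {"Type": "AWS::Lambda::Function", "Properties": {
      "Role": {"Fn::GetAtt": ["NFTCalculateCIDLambdaRole", "Arn"]}}}}}
if __name__ == "__main__":
    print("\n".join(lint(BROKEN)), lint(FIXED), sep="\n")
```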

Regarding aws-cloudformation - Cloudformation: create a Lambda and its associated role, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/71884810/
