Amazon CloudFormation: error getting a DynamoDB VPC endpoint in a CloudFormation template
I am new to CFT. I am using the !Ref VpcID function, and I have parameterized it as vpcIds. I need VpcID as a mandatory field for the DynamoDB endpoint. Could someone please suggest how to pass this VpcID?
AWSTemplateFormatVersion: 2010-09-09
Resources:
  LambdaFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      Code:
        ZipFile: |
          const AWS = require('aws-sdk');//code goes here
      FunctionName:
        Ref: LambdaFuncName
      Handler: index.handler
      Runtime: nodejs14.x
      Role: !GetAtt IAMRole.Arn
      VpcConfig:
        SecurityGroupIds:
          Ref: SecurityGroups
        SubnetIds:
          Ref: Subnets
    DependsOn:
      - DynamoDBTable
  DynamoDBTable:
    Type: 'AWS::DynamoDB::Table'
    Properties:
      TableName:
        Ref: DynamoDBTableName
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
      KeySchema:
        - AttributeName: id
          KeyType: HASH
      ProvisionedThroughput:
        ReadCapacityUnits: '5'
        WriteCapacityUnits: '5'
    DependsOn:
      - IAMRole
  APIGatewayRestAPI:
    Type: 'AWS::ApiGateway::RestApi'
    Properties:
      Name:
        Ref: APIName
    DependsOn:
      - LambdaFunction
  APIGatewayResource:
    Type: 'AWS::ApiGateway::Resource'
    Properties:
      RestApiId: !Ref APIGatewayRestAPI
      ParentId: !GetAtt
        - APIGatewayRestAPI
        - RootResourceId
      PathPart:
        Ref: LambdaFuncName
    DependsOn:
      - APIGatewayRestAPI
  APIGatewayMethod:
    Type: 'AWS::ApiGateway::Method'
    Properties:
      RestApiId: !Ref APIGatewayRestAPI
      ResourceId: !Ref APIGatewayResource
      HttpMethod: POST
      AuthorizationType: NONE
      MethodResponses:
        - StatusCode: 200
      Integration:
        Type: AWS
        IntegrationResponses:
          - StatusCode: 200
        IntegrationHttpMethod: POST
        Uri: !Sub
          - >-
            arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFuncNameArn}/invocations
          - LambdaFuncNameArn: !GetAtt LambdaFunction.Arn
    DependsOn:
      - APIGatewayResource
  APIGatewayDeployment:
    Type: 'AWS::ApiGateway::Deployment'
    Properties:
      RestApiId: !Ref APIGatewayRestAPI
      StageName:
        Ref: EnvironmentName
    DependsOn:
      - APIGatewayMethod
  APIGatewayPermission:
    Type: 'AWS::Lambda::Permission'
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: !GetAtt LambdaFunction.Arn
      Principal: apigateway.amazonaws.com
    DependsOn:
      - APIGatewayDeployment
  IAMRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: Policy_api-lambda-db
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - 'dynamodb:BatchGetItem'
                  - 'dynamodb:BatchWriteItem'
                  - 'dynamodb:TagResource'
                  - 'dynamodb:UntagResource'
                  - 'dynamodb:PutItem'
                  - 'dynamodb:DeleteItem'
                  - 'dynamodb:GetItem'
                  - 'dynamodb:Scan'
                  - 'dynamodb:Query'
                  - 'dynamodb:UpdateItem'
                Resource: '*'
              - Effect: Allow
                Action:
                  - 'logs:CreateLogStream'
                  - 'logs:CreateLogGroup'
                  - 'logs:PutLogEvents'
                Resource: '*'
              - Effect: Allow
                Action:
                  - 'ec2:DescribeNetworkInterfaces'
                  - 'ec2:CreateNetworkInterface'
                  - 'ec2:DeleteNetworkInterface'
                  - 'ec2:DescribeInstances'
                  - 'ec2:AttachNetworkInterface'
                Resource: '*'
  DynamoDBEndpoint:
    Type: "AWS::EC2::VPCEndpoint"
    Properties:
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.dynamodb"
      VpcId: !Ref VpcID
      PolicyDocument: {
          "Id": "Policy",
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "Statement",
              "Action": "dynamodb:*",
              "Effect": "Allow",
              "Resource": "arn:aws:dynamodb:us-east-1:123412341234:table/test",
              "Principal": "*"
            }
          ]
        }
  VpcID:
    Type: 'AWS::EC2::VPC'
    Properties:
      Name:
        Ref: vpcId
Parameters:
  LambdaFuncName:
    Type: String
    Default: Lambda_api-lambda-db
  DynamoDBTableName:
    Type: String
    Default: Dynamo_api-lambda-db
  APIName:
    Type: String
    Default: API_api-lambda-db
  EnvironmentName:
    Type: String
    Default: Prod
  SecurityGroups:
    Type: 'List<AWS::EC2::SecurityGroup::Id>'
  Subnets:
    Type: 'List<AWS::EC2::Subnet::Id>'
  vpcId:
    Type: 'AWS::EC2::VPC::Id'
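Here I am getting the error "Encountered unsupported property Name" while creating VpcID. My main focus is to create the Lambda within a VPC and create a DynamoDB endpoint to access DynamoDB privately. Please advise me on this.

What is the exact error?

Do you have your resources in the Resources: section?

Yes, I have posted all of it, please check now.

What is the error you are receiving?

1 validation error detected: Value '[AWS::ApiGateway::Resource, AWS::DynamoDB::Table, AWS::ApiGateway::Method, AWS::EC2::VPCEndpoint, AWS::EC2::VPC::Id, AWS::IAM::Role, AWS::Lambda::Function, AWS::ApiGateway::Deployment, AWS::ApiGateway::RestApi, AWS::Lambda::Permission]' at failed to satisfy constraint: Member must satisfy constraint: [Member must have length less than or equal to 204, Member must have length greater than or equal to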
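
An added example, not part of the original question or its comments: a fragment to merge into the template above, assuming the VPC already exists and is supplied through the page's `vpcId` parameter. `AWS::EC2::VPC` creates a new VPC and has no `Name` property, so the `VpcID` resource is dropped and the endpoint references the parameter directly; `RouteTableIds` is a hypothetical parameter introduced here, and the endpoint policy is narrowed from `dynamodb:*` on a hard-coded ARN to the stack's own table.

```yaml
# Added example (not the asker's code). Merge into the template above.
Parameters:
  vpcId:
    Type: 'AWS::EC2::VPC::Id'       # ID of an existing VPC, chosen at deploy time
  RouteTableIds:                     # assumption: route tables used by the Lambda subnets
    Type: CommaDelimitedList

Resources:
  # No VpcID resource of Type AWS::EC2::VPC: the VPC is not created by this stack.
  DynamoDBEndpoint:
    Type: 'AWS::EC2::VPCEndpoint'
    Properties:
      ServiceName: !Sub 'com.amazonaws.${AWS::Region}.dynamodb'
      VpcEndpointType: Gateway
      VpcId: !Ref vpcId              # the parameter, not a resource
      # A gateway endpoint only carries traffic from subnets whose route
      # table is associated with it.
      RouteTableIds: !Ref RouteTableIds
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: StackTableOnly
            Effect: Allow
            Principal: '*'
            Action:
              - 'dynamodb:BatchGetItem'
              - 'dynamodb:BatchWriteItem'
              - 'dynamodb:PutItem'
              - 'dynamodb:DeleteItem'
              - 'dynamodb:GetItem'
              - 'dynamodb:Scan'
              - 'dynamodb:Query'
              - 'dynamodb:UpdateItem'
            # Only the table defined in this stack is reachable through the endpoint.
            Resource: !GetAtt DynamoDBTable.Arn
```

The endpoint policy limits what can pass through the endpoint; the Lambda role's own `dynamodb:*`-style statement on `Resource: '*'` still decides what the function is allowed to request.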