Amazon web services 在Terraform中创建S3 bucket通知时出错
我在创建桶通知以触发Lambda函数时遇到问题。错误:Amazon web services 在Terraform中创建S3 bucket通知时出错,amazon-web-services,amazon-s3,terraform,amazon-cloudformation,terraform-provider-aws,Amazon Web Services,Amazon S3,Terraform,Amazon Cloudformation,Terraform Provider Aws,我在创建桶通知以触发Lambda函数时遇到问题。错误: Error putting S3 notification configuration: InvalidArgument: Unable to validate the following destination configurations status code: 400 我已经读到类似的问题可能是由创建资源的顺序或Lambda权限丢失引起的。然而,我试着在我的代码中包含dependens\u,并多次应用模板,并在其间等待。我
Error putting S3 notification configuration: InvalidArgument: Unable to validate the following destination configurations
status code: 400
我已经读到类似的问题可能是由创建资源的顺序或Lambda权限丢失引起的。然而,我试着在我的代码中包含dependens\u
,并多次应用模板,并在其间等待。我使用的是限制最少的Lambda策略。我还尝试使用来自的精确示例代码,但这给了我一个完全不同的错误
如果在控制台中创建,则完全相同的设置可以正常工作
下面是我代码中有问题的部分:
resource "aws_lambda_function" "writeUsersToDB" {
filename = "writeUsersToDB.zip"
function_name = "writeUsersToDB"
role = "arn:aws:iam::0000000:role/AWSLambdaFullAccess"
handler = "main.lambda_handler"
memory_size = 256
timeout = 900
source_code_hash = filebase64sha256("writeUsersToDB.zip")
runtime = "python3.8"
environment {variables = local.parameters}
layers = [ "arn:aws:lambda:eu-west-2:0000000:layer:pandas-pandas-schema-numpy:1" ]
}
resource "aws_s3_bucket_notification" "event" {
bucket = aws_s3_bucket.user_data.id
lambda_function {
lambda_function_arn = aws_lambda_function.writeUsersToDB.arn
events = ["s3:ObjectCreated:*"]
filter_suffix = ".csv"
}
depends_on = [aws_lambda_function.writeUsersToDB]
}
resource "aws_s3_bucket" "user_data" {
bucket = "nameofthebucket"
}
您缺少:
非常感谢,这很有效!我已经坐了三天了。但我现在很困惑,为什么Lambda角色还不够?@madej Lambda函数有两种类型的权限:执行角色和基于资源的权限。你写的是第一种类型。但这里我们需要指定第二种类型,即可以调用函数的类型。在本例中,我们允许S3调用它。
resource "aws_lambda_permission" "example" {
statement_id = "AllowExecutionFromS3Bucket"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.writeUsersToDB.function_name
principal = "s3.amazonaws.com"
source_arn = aws_s3_bucket.user_data.arn
}