Amazon web services: How do I define iamRoleStatements resources for multiple DynamoDB tables in the Serverless Framework?
amazon-web-services, amazon-dynamodb, serverless-framework
I want to use multiple DynamoDB tables in my Serverless project. How do I correctly define multiple resources in iamRoleStatements? I have an example serverless.yml:
service: serverless-expense-tracker
frameworkVersion: ">=1.1.0 <2.0.0"
provider:
  name: aws
  runtime: nodejs6.10
  environment:
    EXPENSES_TABLE: "${self:service}-${opt:stage, self:provider.stage}-expenses"
    BUDGETS_TABLE: "${self:service}-${opt:stage, self:provider.stage}-budgets"
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.EXPENSES_TABLE}"
      # what is the best way to add the other DB as a resource
functions:
  create:
    handler: expenseTracker/create.create
    events:
      - http:
          path: expenses
          method: post
          cors: true
  list:
    handler: expenseTracker/list.list
    events:
      - http:
          path: expenses
          method: get
          cors: true
  get:
    handler: expenseTracker/get.get
    events:
      - http:
          path: expenses/{id}
          method: get
          cors: true
  update:
    handler: expenseTracker/update.update
    events:
      - http:
          path: expenses/{id}
          method: put
          cors: true
  delete:
    handler: expenseTracker/delete.delete
    events:
      - http:
          path: expenses/{id}
          method: delete
          cors: true
resources:
  Resources:
    DynamoDbExpenses:
      Type: 'AWS::DynamoDB::Table'
      DeletionPolicy: Retain
      Properties:
        AttributeDefinitions:
          -
            AttributeName: id
            AttributeType: S
        KeySchema:
          -
            AttributeName: id
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
        TableName: ${self:provider.environment.EXPENSES_TABLE}
    DynamoDbBudgets:
      Type: 'AWS::DynamoDB::Table'
      DeletionPolicy: Retain
      Properties:
        AttributeDefinitions:
          -
            AttributeName: id
            AttributeType: S
        KeySchema:
          -
            AttributeName: id
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
        TableName: ${self:provider.environment.BUDGETS_TABLE}
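
I figured it out.
The key was simply to add a list under the Resource key, but I also learned that it is best to just use the logical IDs that you use when provisioning the tables. Full example below: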
service: serverless-expense-tracker
frameworkVersion: ">=1.1.0 <2.0.0"
provider:
  name: aws
  runtime: nodejs6.10
  environment:
    EXPENSES_TABLE: { "Ref": "DynamoDbExpenses" } #DynamoDbExpenses is a logicalID also used when provisioning below
    BUDGETS_TABLE: { "Ref": "DynamoDbBudgets" }
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:DescribeTable
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource:
        - { "Fn::GetAtt": ["DynamoDbExpenses", "Arn"] } #you will also see the logical IDs below where they are provisioned
        - { "Fn::GetAtt": ["DynamoDbBudgets", "Arn"] }
functions:
  create:
    handler: expenseTracker/create.create
    events:
      - http:
          path: expenses
          method: post
          cors: true
  createBudget:
    handler: expenseTracker/createBudget.createBudget
    events:
      - http:
          path: budgets
          method: post
          cors: true
  list:
    handler: expenseTracker/list.list
    events:
      - http:
          path: expenses
          method: get
          cors: true
  listBudgets:
    handler: expenseTracker/listBudgets.listBudgets
    events:
      - http:
          path: budgets
          method: get
          cors: true
  get:
    handler: expenseTracker/get.get
    events:
      - http:
          path: expenses/{id}
          method: get
          cors: true
  update:
    handler: expenseTracker/update.update
    events:
      - http:
          path: expenses/{id}
          method: put
          cors: true
  delete:
    handler: expenseTracker/delete.delete
    events:
      - http:
          path: expenses/{id}
          method: delete
          cors: true
resources:
  Resources:
    DynamoDbExpenses: #this is where the logicalID is defined
      Type: 'AWS::DynamoDB::Table'
      DeletionPolicy: Retain
      Properties:
        AttributeDefinitions:
          -
            AttributeName: id
            AttributeType: S
        KeySchema:
          -
            AttributeName: id
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
    DynamoDbBudgets: #here too
      Type: 'AWS::DynamoDB::Table'
      DeletionPolicy: Retain
      Properties:
        AttributeDefinitions:
          -
            AttributeName: id
            AttributeType: S
        KeySchema:
          -
            AttributeName: id
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
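
I'd like to post my update, since I spent time on this and learned a lot from this question. The currently accepted answer is not fully functional.
What I added:
1) Make sure that in your handler there is an environment variable TABLE_NAME (or another name; you can adjust accordingly) as below. It refers to the Lambda function's environment variable.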
const params = {
  TableName: process.env.TABLE_NAME,
  Item: {
    ...
  }
}
2) Update serverless.yml to specify the table name for each function:
environment:
  TABLE_NAME: { "Ref": "DynamoDbExpenses" }
or
depending on which table the function targets.
The full updated serverless.yml is here:
service: serverless-expense-tracker
frameworkVersion: ">=1.1.0 <2.0.0"
provider:
  name: aws
  runtime: nodejs6.10
  environment:
    EXPENSES_TABLE: { "Ref": "DynamoDbExpenses" } #DynamoDbExpenses is a logicalID also used when provisioning below
    BUDGETS_TABLE: { "Ref": "DynamoDbBudgets" }
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:DescribeTable
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource:
        - { "Fn::GetAtt": ["DynamoDbExpenses", "Arn"] } #you will also see the logical IDs below where they are provisioned
        - { "Fn::GetAtt": ["DynamoDbBudgets", "Arn"] }
functions:
  create:
    handler: expenseTracker/create.create
    environment:
      TABLE_NAME: { "Ref": "DynamoDbExpenses" }
    events:
      - http:
          path: expenses
          method: post
          cors: true
  createBudget:
    handler: expenseTracker/createBudget.createBudget
    environment:
      TABLE_NAME: { "Ref": "DynamoDbBudgets" }
    events:
      - http:
          path: budgets
          method: post
          cors: true
  list:
    handler: expenseTracker/list.list
    environment:
      TABLE_NAME: { "Ref": "DynamoDbExpenses" }
    events:
      - http:
          path: expenses
          method: get
          cors: true
  listBudgets:
    handler: expenseTracker/listBudgets.listBudgets
    environment:
      TABLE_NAME: { "Ref": "DynamoDbBudgets" }
    events:
      - http:
          path: budgets
          method: get
          cors: true
  get:
    handler: expenseTracker/get.get
    environment:
      TABLE_NAME: { "Ref": "DynamoDbExpenses" }
    events:
      - http:
          path: expenses/{id}
          method: get
          cors: true
  update:
    handler: expenseTracker/update.update
    environment:
      TABLE_NAME: { "Ref": "DynamoDbExpenses" }
    events:
      - http:
          path: expenses/{id}
          method: put
          cors: true
  delete:
    handler: expenseTracker/delete.delete
    environment:
      TABLE_NAME: { "Ref": "DynamoDbExpenses" }
    events:
      - http:
          path: expenses/{id}
          method: delete
          cors: true
resources:
  Resources:
    DynamoDbExpenses: #this is where the logicalID is defined
      Type: 'AWS::DynamoDB::Table'
      DeletionPolicy: Retain
      Properties:
        AttributeDefinitions:
          -
            AttributeName: id
            AttributeType: S
        KeySchema:
          -
            AttributeName: id
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
        TableName: ${self:service}-${opt:stage, self:provider.stage}-expenses
    DynamoDbBudgets: #here too
      Type: 'AWS::DynamoDB::Table'
      DeletionPolicy: Retain
      Properties:
        AttributeDefinitions:
          -
            AttributeName: id
            AttributeType: S
        KeySchema:
          -
            AttributeName: id
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
        TableName: ${self:service}-${opt:stage, self:provider.stage}-budgets

If you want to provide access to all tables in the stack you are deploying, you can use:
Resource: !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${AWS::StackName}-*
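This way, the Lambdas in your stack are limited to the tables in your stack, and you don't have to update this every time you add a table.

If you have a specific question (how to correctly define multiple resources in an IAM role statement), then make a careful example showing what you have tried, any errors or what doesn't work, and explain exactly what you intend.
Thanks @vorspring. I don't have any errors, but the only way I got the serverless.yml linked above to work was to define the IAM resource with a wildcard. That seems to be what we engineers call a bad idea. Can you help me define multiple resources in iamRoleStatements in a more, er, encapsulated way? Or do you mean that I shouldn't link to the yml as a gist, but post it directly here?
I mean if you need some kind of help, then ask a specific question! See the site guidelines.
Edited; let me know if it is not specific enough.
When you manage two DynamoDB tables, how do you let each function know which database it needs to connect to?
In that case, you will notice I defined the expenses table and the budgets table in provider.environment. In the Lambda you simply reference it like this: TableName: process.env.EXPENSES_TABLE
But the Lambda is created automatically in sls; where can I set TableName? Do you mean in the handler script?
Yes, in the handler script, sorry for the confusion.
It is not set in the handler script. I know what to do now: .
The current code does not seem to work until you add the environment variable TABLE_NAME for each function.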
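
The posts above write Resource in three ways: an ARN string with a wildcard account field, Fn::GetAtt on the tables' logical IDs, and a stack-name prefix wildcard. As an added example that is not part of the original question or answers, this Node.js check classifies how broadly each form scopes access; the function names, scope labels and sample statements are assumptions constructed for illustration.

```javascript
// Added example, not from the original posts. Inputs are iamRoleStatements in
// parsed (JSON) form; the YAML tag "!Sub x" parses to { "Fn::Sub": "x" }.
function classifyResource(res) {
  if (res && typeof res === 'object') {
    // Fn::GetAtt [LogicalId, Arn] resolves to one resource defined in this stack.
    if (res['Fn::GetAtt']) return { scope: 'exact', wildcardAccount: false };
    res = res['Fn::Sub'];
  }
  if (typeof res !== 'string') return { scope: 'unknown', wildcardAccount: false };
  if (res === '*') return { scope: 'any-resource', wildcardAccount: true };
  // Mask ${...} variables first: they contain ':' and would break the ARN split.
  const parts = res.replace(/\$\{[^}]*\}/g, 'VAR').split(':');
  if (parts.length < 6 || parts[0] !== 'arn') return { scope: 'unknown', wildcardAccount: false };
  const wildcardAccount = parts[4].includes('*');
  const resource = parts.slice(5).join(':');
  let scope = 'exact';
  if (resource === '*' || resource === 'table/*') scope = 'all-tables';
  else if (resource.includes('*')) scope = 'prefix-wildcard';
  return { scope, wildcardAccount };
}

// Returns one finding per Resource entry of every Allow statement.
function auditStatements(statements) {
  const findings = [];
  for (const st of statements) {
    if (st.Effect !== 'Allow') continue;
    const resources = Array.isArray(st.Resource) ? st.Resource : [st.Resource];
    for (const r of resources) findings.push(classifyResource(r));
  }
  return findings;
}

// Constructed samples mirroring the Resource forms that appear on this page.
const samples = {
  question: [{ Effect: 'Allow', Resource:
    'arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.EXPENSES_TABLE}' }],
  logicalIds: [{ Effect: 'Allow', Resource: [
    { 'Fn::GetAtt': ['DynamoDbExpenses', 'Arn'] },
    { 'Fn::GetAtt': ['DynamoDbBudgets', 'Arn'] }] }],
  stackPrefix: [{ Effect: 'Allow', Resource:
    { 'Fn::Sub': 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${AWS::StackName}-*' } }],
  // Constructed: a blanket wildcard of the kind the asker wanted to avoid.
  blanket: [{ Effect: 'Allow', Resource: 'arn:aws:dynamodb:us-east-1:*:table/*' }],
};

for (const [name, stmts] of Object.entries(samples)) {
  console.log(name, JSON.stringify(auditStatements(stmts)));
}
```

The logical-ID form is the only one that names exactly the two tables; the stack-prefix form also matches any other table in the account whose name starts with the stack name.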