Amazon Web Services: In a CloudFormation template, how do I reference a dynamically generated Lambda function ARN in an IoT rule?
Using the AWS Amplify CLI, I created a Lambda function for my project. As part of that process, it created a CloudFormation template. I am editing the template to add an IoT rule that triggers the Lambda function. The function name itself changes with the environment, and so does the Lambda function ARN that I am trying to target in the IoT rule section. Here is the part I am working on:
"IoTRuleS3RequestSignedUrl": {
"Type": "AWS::IoT::TopicRule",
"Properties": {
"RuleName": "twinTigerSecurityS3SignedUrlRequests",
"TopicRulePayload": {
"Actions": [
{
"Lambda": {
"FunctionArn": "HOW DO I REFERENCE THIS DYNAMIC ARN?"
}
}
],
"Description": "Get S3 bucket signed URL to upload image directly to S3.",
"RuleDisabled": false,
"Sql": "SELECT operation, bucket, key, replyTo FROM 'iot/topic'"
}
}
}
Here is the complete template in progress:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Lambda resource stack creation using Amplify CLI",
"Parameters": {
"CloudWatchRule": {
"Type": "String",
"Default" : "NONE",
"Description" : " Schedule Expression"
},
"env": {
"Type": "String"
}
},
"Conditions": {
"ShouldNotCreateEnvResources": {
"Fn::Equals": [
{
"Ref": "env"
},
"NONE"
]
}
},
"Resources": {
"LambdaFunction": {
"Type": "AWS::Lambda::Function",
"Metadata": {
"aws:asset:path": "./src",
"aws:asset:property": "Code"
},
"Properties": {
"Handler": "index.handler",
"FunctionName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
"twinTigerSecurityRequestS3SignedUrl",
{
"Fn::Join": [
"",
[
"twinTigerSecurityRequestS3SignedUrl",
"-",
{
"Ref": "env"
}
]
]
}
]
},
"Environment": {
"Variables" : {
"ENV": {
"Ref": "env"
},
"REGION": {
"Ref": "AWS::Region"
}
}
},
"Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] },
"Runtime": "nodejs12.x",
"Timeout": "25"
}
},
"LambdaExecutionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
"twintigersecurityLambdaRolebf1a383b",
{
"Fn::Join": [
"",
[
"twintigersecurityLambdaRolebf1a383b",
"-",
{
"Ref": "env"
}
]
]
}
]
},
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
}
}
,"lambdaexecutionpolicy": {
"DependsOn": ["LambdaExecutionRole"],
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "lambda-execution-policy",
"Roles": [{ "Ref": "LambdaExecutionRole" }],
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action":["logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"],
"Resource": { "Fn::Sub" : [ "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", { "region": {"Ref": "AWS::Region"}, "account": {"Ref": "AWS::AccountId"}, "lambda": {"Ref": "LambdaFunction"}} ]}
}
]
}
}
},
"IoTRuleS3RequestSignedUrl": {
"Type": "AWS::IoT::TopicRule",
"Properties": {
"RuleName": "twinTigerSecurityS3SignedUrlRequests",
"TopicRulePayload": {
"Actions": [
{
"Lambda": {
"FunctionArn": "HOW DO I REFERENCE THIS DYNAMIC ARN?"
}
}
],
"Description": "Get S3 bucket signed URL to upload image directly to S3.",
"RuleDisabled": false,
"Sql": "SELECT operation, bucket, key, replyTo FROM 'iot/topic'"
}
}
}
},
"Outputs": {
"Name": {
"Value": {
"Ref": "LambdaFunction"
}
},
"Arn": {
"Value": {"Fn::GetAtt": ["LambdaFunction", "Arn"]}
},
"Region": {
"Value": {
"Ref": "AWS::Region"
}
},
"LambdaExecutionRole": {
"Value": {
"Ref": "LambdaExecutionRole"
}
}
}
}
I can do this in the UI, but that is neither ideal long term nor the purpose of configuring through code provided via Amplify/CloudFormation. What is the best way to reference the Lambda function from the IoT rule?

You can use the intrinsic function Fn::GetAtt to get the ARN of a resource, like this:
"Fn::GetAtt": ["LambdaFunction", "Arn"]
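The answer's reference placed in the question's rule, as an added example that is not part of the original post. It goes under "Resources" next to the existing "LambdaFunction". The second resource is an assumption the page does not show: AWS IoT can only invoke the function if the function's resource policy allows the `iot.amazonaws.com` principal, and `SourceArn` plus `SourceAccount` limit that grant to this one rule in this account. The logical ID "IoTRuleInvokeLambdaPermission" is hypothetical.

```json
{
  "IoTRuleS3RequestSignedUrl": {
    "Type": "AWS::IoT::TopicRule",
    "Properties": {
      "RuleName": "twinTigerSecurityS3SignedUrlRequests",
      "TopicRulePayload": {
        "Actions": [
          {
            "Lambda": {
              "FunctionArn": { "Fn::GetAtt": ["LambdaFunction", "Arn"] }
            }
          }
        ],
        "Description": "Get S3 bucket signed URL to upload image directly to S3.",
        "RuleDisabled": false,
        "Sql": "SELECT operation, bucket, key, replyTo FROM 'iot/topic'"
      }
    }
  },
  "IoTRuleInvokeLambdaPermission": {
    "Type": "AWS::Lambda::Permission",
    "Metadata": {
      "Comment": "Added example resource; the logical ID is hypothetical and not from the original template."
    },
    "Properties": {
      "Action": "lambda:InvokeFunction",
      "FunctionName": { "Fn::GetAtt": ["LambdaFunction", "Arn"] },
      "Principal": "iot.amazonaws.com",
      "SourceAccount": { "Ref": "AWS::AccountId" },
      "SourceArn": { "Fn::GetAtt": ["IoTRuleS3RequestSignedUrl", "Arn"] }
    }
  }
}
```

Because both resources resolve the ARN with Fn::GetAtt, the environment suffix in the function name never has to be spelled out in the rule or in the permission.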
Have you tried using "Fn::GetAtt": ["LambdaFunction", "Arn"]?
I had not! After giving it a shot, I get the following error: CREATE_FAILED functiontwinTigerSecurityRequestS3SignedUrl AWS::CloudFormation::Stack Sun Apr 19 2020 07:07:42 GMT-0600 (Mountain Daylight Time) Embedded stack arn:aws:cloudformation:us-east-1:444444:stack/amplify-twintigersecurity-dev-44444-functiontwinTigerSecurityRequestS3SignedUrl-ABCDEFGHIJKL/AAAAA-aaaa-aaaa-aaaa was not successfully created: The following resource(s) failed to create: [lambdaexecutionpolicy, IoTRuleS3RequestSignedUrl]. Note that everything works when IoTRuleS3RequestSignedUrl is taken out.
Unable to unmarshall exception response with the unmarshallers provided (Service: AWSIot; Status Code: 400; Error Code: null; Request ID:
I have a gut feeling that the JSON is broken for some reason; maybe try converting it to YAML?
I suppose I could try. It's not in the normal Amplify CLI workflow, where everything is generated as JSON. I personally prefer YAML, but using it here would work against the argument for using Amplify on the test project I am working on. Do you think it's worth it? (Maybe there is a CLI config option for this...). I updated my question with the example JSON. It looks like YAML config is a requested feature: