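What is SourceArn when creating a Lambda function through a CloudFormation template

Problem description

I want to create a Lambda function through a CloudFormation template. I have ConfigurationLambdaRole, ConfigurationLambdaFunction and ConfigurationLambdaInvokePermission. In the ConfigurationLambdaInvokePermission section, what should SourceArn be? Is there anything incorrect in my template?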

Resources:
  ConfigurationLambdaRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: 'configuration-lambda'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - events.amazonaws.com
                - s3.amazonaws.com
            Action:
              - sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSQSFullAccess
        - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess

  ConfigurationLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Description: 'configuration service with lambda'
      FunctionName: 'configuration-lambda1'
      Handler: lambda.handler.EventHandler::handleRequest
      Runtime: Java 11
      MemorySize: 128
      Timeout: 120
      Code:
        S3Bucket: configurationlambda
        S3Key: lambda-service-1.0.0-SNAPSHOT.jar
      Role: !GetAtt ConfiguratioLambdaRole.Arn

  ConfigurationLambdaInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName:
        Fn::GetAtt:
          - ConfigurationLambdaFunction
          - Arn
      Action: 'lambda:InvokeFunction'
      Principal: "s3.amazonaws.com"
      SourceArn: 'arn of jar file in s3(configurationlambda)'

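Solution

SourceArn is the ARN of the resource that will invoke your function. For example, if your Lambda will be invoked through S3 event notifications, SourceArn will be the ARN of your bucket.

In your case, I don't understand why you need AWS::Lambda::Permission, so I would remove the whole resource.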
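For the case the answer mentions, where the function is invoked by S3 event notifications, the template below is an added example (not the poster's or the answerer's code) showing SourceArn set to the bucket ARN and scoped with SourceAccount. The UploadBucketName parameter and the UploadBucket resource are assumptions made for illustration; the execution role here trusts lambda.amazonaws.com and uses the AWS managed basic execution policy.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  UploadBucketName:          # assumed: bucket whose events trigger the function
    Type: String
Resources:
  ConfigurationLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com   # the execution role is assumed by Lambda
            Action: sts:AssumeRole
      ManagedPolicyArns:                      # CloudWatch Logs write access only
        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
  ConfigurationLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: lambda.handler.EventHandler::handleRequest
      Runtime: java11
      MemorySize: 128
      Timeout: 120
      Code:
        S3Bucket: configurationlambda
        S3Key: lambda-service-1.0.0-SNAPSHOT.jar
      Role: !GetAtt ConfigurationLambdaRole.Arn
  ConfigurationLambdaInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt ConfigurationLambdaFunction.Arn
      Action: lambda:InvokeFunction
      Principal: s3.amazonaws.com
      # ARN of the invoking bucket, not of the jar object that holds the code.
      # Built from the name so the bucket and permission do not depend on each other.
      SourceArn: !Sub 'arn:${AWS::Partition}:s3:::${UploadBucketName}'
      # Bucket ARNs carry no account ID; SourceAccount pins the bucket owner.
      SourceAccount: !Ref AWS::AccountId
  UploadBucket:
    Type: AWS::S3::Bucket
    DependsOn: ConfigurationLambdaInvokePermission   # permission must exist first
    Properties:
      BucketName: !Ref UploadBucketName
      NotificationConfiguration:
        LambdaConfigurations:
          - Event: 's3:ObjectCreated:*'
            Function: !GetAtt ConfigurationLambdaFunction.Arn
```

Without SourceAccount, a bucket of the same name later recreated in another account would still match SourceArn and be allowed to invoke the function.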