问题描述
我正在尝试将无服务器 AWS CFT 代码转换为 terraform。我使用的示例来自 [bmalnad][1]
Functionality
- 此无服务器应用程序将您上传到 S3 的数据转换为 pgp 加密格式,然后上传回同一个 S3 存储桶。
我的地形代码
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
}
}
}
provider "aws" {
region = "us-east-1"
}
resource "aws_iam_role" "iam_for_lambda" {
name = "iam_for_lambda_role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17","Statement": [
{
"Action": "sts:AssumeRole","Principal": {
"Service": "lambda.amazonaws.com"
},"Effect": "Allow"
}
]
}
EOF
}
resource "aws_iam_role_policy_attachment" "terraform_lambda_iam_policy_basic_execution" {
role = "${aws_iam_role.iam_for_lambda.id}"
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}
resource "aws_iam_role_policy_attachment" "s3access" {
role = "${aws_iam_role.iam_for_lambda.id}"
policy_arn = aws_iam_policy.replication.arn
}
resource "aws_lambda_permission" "allow_bucket" {
statement_id = "AllowExecutionFromS3Bucket"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.example.arn
principal = "s3.amazonaws.com"
source_arn = aws_s3_bucket.sourceBucket.arn
}
resource "aws_s3_bucket" "sourceBucket" {
bucket = "my-bucket"
}
resource "aws_iam_policy" "replication" {
name = "my-policy"
policy = <<POLICY
{
"Version": "2012-10-17","Statement": [
{
"Effect": "Allow","Action": [
"s3:*"
],"Resource": "${aws_s3_bucket.sourceBucket.arn}"
}
]
}
POLICY
}
resource "aws_s3_bucket_notification" "bucket_notifications" {
bucket = aws_s3_bucket.sourceBucket.id
lambda_function {
lambda_function_arn = aws_lambda_function.example.arn
events = ["s3:ObjectCreated:*"]
}
depends_on = [aws_lambda_permission.allow_bucket]
}
lambda 资源
resource "aws_lambda_function" "example" {
function_name = "ServerlessExample"
s3_bucket = "awsserverlessrepo-changesets-plntc6bfnfj"
s3_key = "<account_number>/arn:aws:serverlessrepo:us-east-1:485061371590:applications-s3-pgp-encryptor-versions-1.0.7/52a793a0-15da-42ae-a04e-abe5b25ba562"
handler = "handler.encrypt"
runtime = "nodejs10.x"
timeout = "30"
memory_size = "1024"
role = aws_iam_role.iam_for_lambda.arn
tracing_config {
mode = "Active"
}
environment {
variables = {
BASE64ENCODEDPUBLICKEY = "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tClZlcnNpb246IEdudVBHIHYxCgptUUVOQkZaaCtoOEJDQUMvM0xKc1pMK2hza0pLVW56NHNNYVBVcWN3Ym9ta3ZBR1VsOGM1OEhvMmMzU1JCWHdICmpSRXpJQU9id1h0WHFsRFJrN0d0VXpnekRCWkE4QUttZyt5bUFtUmhnOGsyVE83SzRpcE42NFZpMnViL1VCZE0KWXJQeHdRYTIyUG8vemtoQzFGOEtpMVNpQVF6Z2FPdlRRRnJNWkRBVDltdEV3NktUOU5RWnRYck0xTHFsMi84TApjbWVsMXhVNDlmUi9aTnJrVnRROVhhNklWdmVZSS9hN1NGUXZpeUttNGJVbGVJZXdSY2ZJbk04Y1UxMHfheWtOCkViOWhQTy9POVZibVc5SGRtZTU3dmswb3U0Slpja3VQcGhlMWk0Wlgwoeg0dkpUTjVvcVpltXZIeDBDR0RETzcKTnBSbTAxbjVqc0VPZUlpSkM0YjNQWmp6Z0hHTkdsTUkweEVoQUJFQkFBRzBPMk52Ym5SaFkzUkFjR3hoYm1WMApaV052YzNsemRHVnRjeTVqYjIwZ1BHTnZiblJoWTNSQWNHeGhibVYwWldOdmMzbHpkR1Z0Y3k1amIyMCtpUUU0CkJCTUJBZ0FpQlFKWEY4NDhBaHNEQmdzSkNBY0RBZ1lWQ0FJSkNnc0VGZ0lEQVFJZUFRSVhnQUFLQ1JDZFpieDgKd1JnU1U5UkxDQUNtcnFIN0JBbDd3eU9DQVBDcEVRVmcwOGRyVFpCT1RuV3BuY1JvUmdHMzRBK1ZsdnduTDgrZgplcmVmK1JwcG5jeFVtSWsxd2VsK1ZhSzQvcGUzVzJhNEh3SW1xKzdVckMvSThGQ2FEbnFhb0ZFbCtHcXdLT3J5Cm9zTmxhZWc4ZjNHeXhLWnFiYVhxbGFjTnRoelVWOWQvbFNpM2JDbGRMdFBQcHQweVRhZ3JwcHVtNWdJd3RwQ2QKYy9BbDd0QVFhbzVldjJZSVA3NGxsK05iZEh3TjFXYTZVcWhHNGtrMk1aWklYTkE4OERFUFlEa0VKa3NHdlrsTQpCZVppMEtiUEo4ZmdWQktVQWkwbWdvY3A5UDlEcXpoZDkxcXZTU05mSmp5dEczV1QrOGwvZWV5MENNTnRUc1NhCjRVblFYbTcyajgxUGlmdnpkWnpoVUZYVWZaTWJRRUFJaVFFNEJCTUJBZ0FpQlFKV1lmb2ZBaHNEQmdzSkNBY0QKQWdZVkNBSUpDZ3NFRmdJREFRSWVBUUlYZ0FBS0NSQ2RaYng4d1JnU1U5MTdDQUNLUGNlMStENFZjdTkxVHd5Swo5SlRqKy9ndEYyUUx0VEtWTWk4aVd1VWo5U1M4WEw3MHZoNm1pbjJDbmYwZ0M0WWtCYlhqdzNiM1lmTkt0YkxKClpDUDlHUW15Tlh6clV4QVdKVzZ6UFhOT0VoMnBMODhBWnd0bFJ4RUc3b1pFZ2loNE96MnBqL1VCQjg3Rk5IQUgKSmJ1QkNEQWxHak9PczdLQkNHMlRCdmxXeVJSQ0FFRlpKQllvd0l0a3I2cDJqRVFaMlhRdlppRk9ScjNqmkplbQpUeFAxc1pJZ0FpOHVxMktSa0NxY21hSFlyUlpsbnVHU1JjYnVPQUd4YnJ5bXJuRDNhak1ub0NrTThoZzI5R0FUCi9WUUZUYkhoZ1JuVnM2MnY3K2QyZVVFRzdQWHFRZnFBeXZPSXNmWDZrOFpGZlVmRVp4VGpEVWpnVm03UXpINXEKMkQ4MHVRRU5CRlpoK2g4QkNBRE50T0U2K2NOZ0ZwWEZGSjEweWkzVVljVWcyTzlWY0dERm1MVVhVQldVdEMwVQpxZHhhczBrdkxDZkdyMlFjQUpseXRQaXVIcW84cDZva2pOdm94d2dINGtQMW9RdUpCT2JITnkyRUtwQ2NBbVErCmRYRjNPYjBBVk5BU1MxQncrNSs4L3Y5c1RTWlUrbEEvU2NDU3d2Mm1xTGtkbHlxNC9acVFmWDl0R3BlZm5XVEUKOThXQjZpMUlmWGtHSUgranBGUFZkZGIxMVJmdUlVMkZ1c1NzWEpZZjhDbHVON2lnTnhkcXQ2aXNJQ0dJMjBHNwpOdxcwZWlCN1lvNmt1MVJMcE9yMVNtSHZKNC93cS9XVjNOS1JjQWh4VVdHUnBCRE14MkRsN0dmem5wNXN4eTJvCnJyN09rbzQ4b1JpaHFzZFFiZ2dBdVJxVzBaaTdoSnphV1pUMnlWa2hBQkVCQUFHSkFSOEVHQUVDQUFrRkFsWmgKK2g4Q0d3d0FDZ2tRbldXOGZNRVlFbE4xS2dnQXNNRmFNdDk5bWdhcXNFY0JSZnVrbEUxWmxwTkJtRHQwWmRBeAo5NUpWaWFXQUo1VUd4VHdLNnB6TkF4Vms3NHcwMkE1NjRRc3RKODM2aWkyellVdEgvRjriVWVOWlBjVmQ4OTA4CkZwTFJiYVFMcEE3TWlkRXlCdnJXMDd3aThnV3VGaU1FQ2Via1RTTDZFajdGc1piUFirsmFiMG95SXhjZWRXQlkKRmRQTTFpZlZiNEVLdHU1azdoZjl3ZlRLdlJCbWIzRE1JdjEzZHY5bTRsMjhFK25ibmh3elBXbXJBWFVsZTZrbAorcTloNzJnS0w2empaL1FCblEwNWlEN0x6UDZwMldjWUd3UW9scnhDUWJscVlvSFRCdHVQbU1nRXp4djdscFUrCjRVSzhQUTRIbXFXdEZLZEVQSDljRWFaRjVDWUlLdXVaZE53Y1QwWkZWTm5HNkxzWnFRPT0KPV*************************************"
sourceBucketName = aws_s3_bucket.sourceBucket.arn
}
}
}
我看到当我将任何文件添加到 S3 存储桶时,会调用 PGP 加密 lambda。它导致下面的错误
START RequestId: xyz123-54e8-43b2-b7be-f611e24b5cb6 Version: $LATEST
INFO lambda fired - raw.txt
INFO unencrypted file - processing
INFO successfully read file
ERROR Uncaught Exception {
"errorType": "TypeError","errorMessage": "Cannot read property 'Body' of null","code": "TypeError","message": "Cannot read property 'Body' of null","time": "2021-03-03T21:18:54.003Z","stack": [
"TypeError: Cannot read property 'Body' of null"," at Response.<anonymous> (/var/task/handler.js:21:41)"," at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:369:18)"," at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)"," at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)"," at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14)"," at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)"," at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)"," at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10"," at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)"," at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12)"
]
}
我不想使用 resource "aws_cloudformation_stack"
并从上面调用示例 CFT,它可以工作。我需要让它在 terraform 中独立工作。
[1]:https://github.com/bmalnad/s3-pgp-encryptor
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)