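AWS Event Rule doesn't work
I have the following CFN event rule, which should start MyLambda. When I run this CFN template, I can see that the rule is created with the correct interval and the correct input JSON, and that it is ENABLED. But it doesn't start. I don't see any logs created by my lambda (I am using print statements).
But when I create a similar rule using the UI (same configuration, etc.), it works fine. I am not sure what I am missing here.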
CWEventRule:
  Type: "AWS::Events::Rule"
  Properties:
    Description: "Description"
    Name: "CWEventRule"
    ScheduleExpression: "rate(5 minutes)"
    State: "ENABLED"
    Targets:
      -
        Arn:
          Fn::GetAtt:
            - "MyLambda"
            - "Arn"
        Id: "MyLambda"
        Input: "{\"jsonkey\":\"jsonvalue\"}"
Updated CFN template with the role:
CloudWatchEventRole:
  Type: "AWS::IAM::Role"
  Properties:
    AssumeRolePolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: "Allow"
          Principal:
            Service:
              - !Sub lambda.amazonaws.com
              - !Sub events.amazonaws.com
          Action: "sts:AssumeRole"
    Path: "/"
    Policies:
      - PolicyName: CloudWatchEventPolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - "lambda:InvokeFunction"
              Resource: "*"
CWEventRule:
  Type: "AWS::Events::Rule"
  Properties:
    Description: "Description"
    Name: "CWEventRule"
    ScheduleExpression: "rate(5 minutes)"
    State: "ENABLED"
    RoleArn: !GetAtt [ CloudWatchEventRole, Arn ]
    Targets:
      -
        Arn:
          Fn::GetAtt:
            - "MyLambda"
            - "Arn"
        Id: "MyLambda"
        Input: "{\"jsonkey\":\"jsonvalue\"}"
You need to grant the event permission to invoke the Lambda. This can be done by creating an AWS::Lambda::Permission resource.
"PermissionInvokeLambdaRule": {
  "Type": "AWS::Lambda::Permission",
  "Properties": {
    "FunctionName": { "Fn::GetAtt": ["MyLambdaResouce", "Arn"] },
    "Action": "lambda:InvokeFunction",
    "Principal": "events.amazonaws.com",
    "SourceArn": { "Fn::GetAtt": ["MyEventsRuleResource", "Arn"] }
  }
},
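A template check for the gap this answer describes, as an added example that is not part of the original thread: it takes a CloudFormation template already parsed into a dict and reports Events rules whose Lambda targets have no AWS::Lambda::Permission for events.amazonaws.com, plus permissions that omit SourceArn and so are not limited to one rule. The function names and the BROKEN sample are assumptions made for illustration.

```python
# Added example, not from the original thread. Function names are hypothetical.
def logical_id(value):
    """Logical ID named by Fn::GetAtt [X, "Arn"] or Ref X, else None."""
    if not isinstance(value, dict):
        return None
    att = value.get("Fn::GetAtt")
    if isinstance(att, str):  # short form "X.Arn"
        att = att.split(".")
    return att[0] if att else value.get("Ref")

def check_rule_permissions(template):
    """Return (resource, problem) pairs for Events rules targeting Lambda."""
    resources = template.get("Resources", {})
    lambdas = {n for n, r in resources.items()
               if r.get("Type") == "AWS::Lambda::Function"}
    grants, findings = set(), []
    # Pass 1: collect (function, rule) pairs granted to EventBridge.
    for name, res in resources.items():
        props = res.get("Properties", {})
        if (res.get("Type") != "AWS::Lambda::Permission"
                or props.get("Principal") != "events.amazonaws.com"
                or props.get("Action") != "lambda:InvokeFunction"):
            continue
        fn = logical_id(props.get("FunctionName"))
        src = logical_id(props.get("SourceArn"))
        if src is None:
            findings.append((name, f"no SourceArn: not limited to one rule ({fn})"))
        grants.add((fn, src))
    # Pass 2: every rule target that is a Lambda in this template needs a grant.
    for name, res in resources.items():
        if res.get("Type") != "AWS::Events::Rule":
            continue
        for target in res.get("Properties", {}).get("Targets", []):
            fn = logical_id(target.get("Arn"))
            if fn in lambdas and not {(fn, name), (fn, None)} & grants:
                findings.append((name, f"no AWS::Lambda::Permission for {fn}"))
    return findings

# Constructed sample: the question's rule and function as a parsed template.
BROKEN = {"Resources": {
    "MyLambda": {"Type": "AWS::Lambda::Function", "Properties": {}},
    "CWEventRule": {"Type": "AWS::Events::Rule", "Properties": {
        "ScheduleExpression": "rate(5 minutes)", "State": "ENABLED",
        "Targets": [{"Arn": {"Fn::GetAtt": ["MyLambda", "Arn"]},
                     "Id": "MyLambda"}]}},
}}

if __name__ == "__main__":
    for resource, problem in check_rule_permissions(BROKEN):
        print(f"{resource}: {problem}")
```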
The RoleArn should be associated with the target, as shown below. More information can be found here.
Targets:
  -
    Arn:
      Fn::GetAtt:
        - "MyLambda"
        - "Arn"
    Id: "MyLambda"
    Input: "{\"jsonkey\":\"jsonvalue\"}"
    RoleArn:
      Fn::GetAtt:
        - CloudWatchEventRole
        - Arn