CloudFormation Lambda 模板,使用 Ref 或 GetAtt 时期望角色为字符串
CloudFormation Lambda template, Expecting role to be string, when using Ref or GetAtt
在创建我的 lambda 堆栈时,我使用了一个名为 LambdaExecutionRole 的角色,然后我通过 fn::GetAtt
引用 ARN
"Role": {"Fn::GetAtt": ["LambdaExecutionRole","Arn"]},
,如文档所述,然后我收到错误消息,指出指定的资源不支持 GetAtt。所以我尝试使用 GetAtt,然后返回:
Properties validation failed for resource GetECLambda with message: #/Code/S3Bucket: failed validation constraint for keyword [pattern] #/Role: expected type: String, found: JSONObject
我也试过 "Role":{ "!Ref" : "LambdaExecutionRole"},
根据我的理解,其中一个应该返回一个字符串,因此将提供一个字符串,而不是 JSON 对象。但问题可能是字符串定义如下:{"The Arn"},但我不确定如何避免这种情况。
我的lambda的结构和作用如下:
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "Stack to create the get-EC lambda",
"Resources" : {
"LambdaExecutionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [{ "Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]}, "Action": ["sts:AssumeRole"] }]
},
"Path": "/",
"Policies": [{
"PolicyName": "root",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [{ "Effect": "Allow", "Action": ["logs:*"], "Resource": "arn:aws:logs:*:*:*" }]
}
}]
}
},
"GetECLambda" : {
"Type" : "AWS::Lambda::Function",
"Properties" : {
"FunctionName": "get-ecs",
"Role":{ "!Ref" : "LambdaExecutionRole"},
"Runtime": "nodejs12.x",
"Code": {
"S3Bucket" : "arn:aws:s3:::flex-fit-lambda-functions-source",
"S3Key": "get-ecs.zip"
}
}
}
}
}
在JSON中指定Cloudformation模板时,仅支持这种调用内部函数的形式:
{ "Fn::GetAtt" : [ "logicalNameOfResource", "attributeName" ] }
!Ref 表单仅支持 YAML。
因此,请尝试在您的模板中更改您当前对此的调用:
"Role": { "Fn::GetAtt" : [ "LambdaExecutionRole", "Arn" ] }
在创建我的 lambda 堆栈时,我使用了一个名为 LambdaExecutionRole 的角色,然后我通过 fn::GetAtt
引用 ARN"Role": {"Fn::GetAtt": ["LambdaExecutionRole","Arn"]},
,如文档所述,然后我收到错误消息,指出指定的资源不支持 GetAtt。所以我尝试使用 GetAtt,然后返回:
Properties validation failed for resource GetECLambda with message: #/Code/S3Bucket: failed validation constraint for keyword [pattern] #/Role: expected type: String, found: JSONObject
我也试过 "Role":{ "!Ref" : "LambdaExecutionRole"},
根据我的理解,其中一个应该返回一个字符串,因此将提供一个字符串,而不是 JSON 对象。但问题可能是字符串定义如下:{"The Arn"},但我不确定如何避免这种情况。
我的lambda的结构和作用如下:
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "Stack to create the get-EC lambda",
"Resources" : {
"LambdaExecutionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [{ "Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]}, "Action": ["sts:AssumeRole"] }]
},
"Path": "/",
"Policies": [{
"PolicyName": "root",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [{ "Effect": "Allow", "Action": ["logs:*"], "Resource": "arn:aws:logs:*:*:*" }]
}
}]
}
},
"GetECLambda" : {
"Type" : "AWS::Lambda::Function",
"Properties" : {
"FunctionName": "get-ecs",
"Role":{ "!Ref" : "LambdaExecutionRole"},
"Runtime": "nodejs12.x",
"Code": {
"S3Bucket" : "arn:aws:s3:::flex-fit-lambda-functions-source",
"S3Key": "get-ecs.zip"
}
}
}
}
}
在JSON中指定Cloudformation模板时,仅支持这种调用内部函数的形式:
{ "Fn::GetAtt" : [ "logicalNameOfResource", "attributeName" ] }
!Ref 表单仅支持 YAML。
因此,请尝试在您的模板中更改您当前对此的调用:
"Role": { "Fn::GetAtt" : [ "LambdaExecutionRole", "Arn" ] }