terraform 将 lambda 函数应用于 localstack 时创建 IAM 角色时出错?

问题描述 投票:0回答:1

我有以下目录层次结构:

Lambda
│
├── adduserpost
│   ├── venv
│   ├── .terraform
│   ├── .terraform.lock.hcl
│   ├── lambda_function_add_user_post.zip
│   ├── lambda-addUserPost.tf
│   ├── lambdafunctions.py
│   ├── terraform.tfstate
│   └── terraform.tfstate.backup
└── ...


lambda-addUserPost.tf
有这样的内容:

 provider "aws" {
      region                  = "us-east-1"  # Change to your desired region
      access_key              = "test"       # Access key for LocalStack
      secret_key              = "test"       # Secret key for LocalStack
      skip_credentials_validation = true
      skip_requesting_account_id = true
    
    
      endpoints {
        dynamodb    = "http://localhost:4566"  # LocalStack DynamoDB endpoint
        lambda      = "http://localhost:4566"
      }
    }
    
    resource "aws_lambda_function" "add_user_post" {
      function_name = "AddUserPost"
      handler       = "addUserPost.lambda_handler"
      runtime       = "python3.8"
      filename      = data.archive_file.lambda_function_add_user_post.output_path  # ZIP file containing your Python code
      role          = aws_iam_role.lambda_execution_role.arn
      source_code_hash = filebase64sha256(data.archive_file.lambda_function_add_user_post.output_path)
    
      environment {
        variables = {
          TABLE_NAME = "UserProfileTable"  # Update with your DynamoDB table name
        }
      }
    }
    
    resource "aws_iam_role" "lambda_execution_role" {
      name = "lambda_execution_role"
    
      assume_role_policy = jsonencode({
        Version = "2012-10-17",
        Statement = [
          {
            Action = "sts:AssumeRole",
            Effect = "Allow",
            Principal = {
              Service = "lambda.amazonaws.com"
            }
          }
        ]
      })
    }
    
    
    resource "aws_iam_role_policy_attachment" "lambda_dynamodb_access" {
      policy_arn = "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess"
      role       = aws_iam_role.lambda_execution_role.name
    }
    
    
    
    data "archive_file" "lambda_function_add_user_post" {
      type          = "zip"
      source_dir    = "${path.module}"
      output_path   = "${path.module}/lambda_function_add_user_post.zip"
    }

据我所知,配置正确。但是,运行 

terraform apply
给我一个错误:

│ Error: creating IAM Role (lambda_execution_role): InvalidClientTokenId: The security token included in the request is invalid.
│       status code: 403, request id: e47ff97c-1fd3-46e7-b379-3b27d2cbb40f
│ 
│   with aws_iam_role.lambda_execution_role,
│   on lambda-addUserPost.tf line 30, in resource "aws_iam_role" "lambda_execution_role":

我不明白为什么会收到此错误。什么安全令牌?我有 

access_key
secret_key
带有占位符值,但它是本地堆栈。为什么我需要有效的安全令牌?如果需要的话,为什么我的设置不正确?我怎样才能解决这个问题?我可以毫无问题地应用 
dynamoDB
表。

amazon-web-services aws-lambda terraform aws-cli localstack
1个回答
0
投票

第一步是确保您的 localstack、terraform 和 aws 提供程序版本是最新的。

接下来,我怀疑问题是 IAM 端点未配置,因此当 terraform 尝试创建您拥有的 IAM 资源时,它会尝试连接到 AWS。

endpoints {
        dynamodb    = "http://localhost:4566"
        lambda      = "http://localhost:4566"
        iam         = "http://localhost:4566"
 }
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.