我正在尝试配置 Lambda 函数和 EventBridge(CloudWatch Events)定时触发器,让 Lambda 按 cron 表达式定时触发,并在触发时向 Lambda 函数传递一些参数。
下面是我的 tf 文件配置。
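resource "aws_lambda_function" "lambda" {
  function_name = "dp_ing_sls_chr4g-om-lambda"
  filename      = "dp_ing_sls_chr4g-om-lambda.zip"
  # Without a hash Terraform only uploads the zip when the function is first
  # created; a rebuilt archive with the same filename would never be deployed.
  source_code_hash = filebase64sha256("dp_ing_sls_chr4g-om-lambda.zip")
  handler          = "dp_ing_sls_chr4g-om-lambda.lambda_handler"
  role             = aws_iam_role.iam_for_lambda.arn
  # NOTE(review): python3.8 is past Lambda's end-of-support date, and AWS no
  # longer accepts new functions on it. Move to a currently supported Python
  # runtime once the handler has been verified against it.
  runtime       = "python3.8"
  timeout       = 900 # seconds; this is the Lambda maximum
  memory_size   = 192 # MB
  package_type  = "Zip"
  architectures = ["x86_64"]
  ephemeral_storage {
    size = 512 # MB of /tmp
  }
  tags = {
    product = var.tag
  }
}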
# Schedule-only rule on the default event bus (no event_bus_name, no
# event_pattern): it fires on the cron expression below and nothing else.
resource "aws_cloudwatch_event_rule" "lambda_cron_trigger" {
name = "LambdaCronTrigger"
schedule_expression = "cron(0 12 * * ? *)" # Runs at 12:00 PM (UTC) every day; EventBridge schedule expressions are always evaluated in UTC
}
# Points the rule at the function. Wiring a target does not authorize
# EventBridge to call it: the function's own resource-based policy must allow
# events.amazonaws.com (see aws_lambda_permission), otherwise every scheduled
# invocation is refused.
resource "aws_cloudwatch_event_target" "lambda_target" {
rule = aws_cloudwatch_event_rule.lambda_cron_trigger.name
target_id = "LambdaTarget"
arn = aws_lambda_function.lambda.arn
# Static JSON delivered as the Lambda event on every run; it replaces the
# scheduled-event envelope the handler would otherwise receive.
input = jsonencode({
org = "CS",
deployment = "dev"
})
}
# Pre-creating the group lets retention be managed here; the name must follow
# Lambda's convention (/aws/lambda/<function_name>) or the service will create
# its own group (with no expiry) next to this one.
resource "aws_cloudwatch_log_group" "lambda_logs" {
name = "/aws/lambda/${aws_lambda_function.lambda.function_name}"
# 3 days is short for incident investigation of a once-a-day job: a failure
# noticed after the weekend may already have no logs left.
retention_in_days = 3 # Set the retention period according to your requirements
}
# Identity-based policy: grants whatever it is attached to (below, the Lambda's
# own execution role) permission to invoke this function. It does NOT let
# EventBridge invoke the function: EventBridge is a different principal and is
# checked against the function's resource-based policy (aws_lambda_permission),
# so this policy is not what makes the scheduled trigger work.
resource "aws_iam_policy" "lambda_invoke_policy" {
name = "LambdaInvokePolicy"
description = "Policy to allow CloudWatch Events to invoke Lambda function"
policy = jsonencode({
Version = "2012-10-17",
Statement = [{
Effect = "Allow",
Action = "lambda:InvokeFunction",
Resource = aws_lambda_function.lambda.arn # scoped to this one function
}]
})
}
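resource "aws_iam_policy_attachment" "lambda_invoke_attachment" {
  name       = "LambdaInvokeAttachment"
  policy_arn = aws_iam_policy.lambda_invoke_policy.arn
  # `roles` takes role NAMES, not ARNs: an ARN is not a valid RoleName for the
  # underlying AttachRolePolicy call, so with `.arn` the policy never landed
  # on the intended role.
  roles = [aws_iam_role.iam_for_lambda.name]
  # NOTE(review): aws_iam_policy_attachment is exclusive; it detaches this
  # policy from every user, group and role not listed here. For a single
  # role, aws_iam_role_policy_attachment is the safer resource.
}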
# Lambda execution role.
# This is only the trust policy: it lets the Lambda service assume the role.
# Nothing visible in this file attaches CloudWatch Logs permissions
# (logs:CreateLogStream / logs:PutLogEvents) to it, so the function will not be
# able to write to the log group above; attach the AWS managed
# AWSLambdaBasicExecutionRole or an equivalent policy scoped to that group.
resource "aws_iam_role" "iam_for_lambda" {
name = "iam_for_lambda"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Sid = ""
Principal = {
Service = "lambda.amazonaws.com" # only the Lambda service may assume this role
}
},
]
})
}
运行 terraform apply 后,所有资源都创建成功了。我也能在 CloudWatch/EventBridge 控制台中看到这条规则,但它并没有作为触发器关联到 Lambda 函数。
经过进一步研究,我了解到触发器之所以没有配置到 Lambda 函数,是因为缺少某些权限策略。
您缺少的是 aws_lambda_permission 资源:它会在 Lambda 函数自身的资源策略(resource-based policy)中添加一条语句,允许某个服务(或资源)调用该函数。附加到 Lambda 执行角色上的 IAM 策略只决定函数自己能做什么,EventBridge 作为另一个主体调用函数时并不会检查它,所以上面的 LambdaInvokePolicy 并不能让触发器生效:
# Resource-based policy statement on the function itself. This is the grant
# EventBridge is actually checked against: the principal is the EventBridge
# service, and source_arn pins it to this one rule, so no other rule (including
# one in another account) can use this statement to invoke the function.
resource "aws_lambda_permission" "allow_eventbridge" {
statement_id = "AllowExecutionFromEventBridge"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda.function_name
principal = "events.amazonaws.com"
source_arn = aws_cloudwatch_event_rule.lambda_cron_trigger.arn # least privilege: this rule only
}