Lambda function EventBridge trigger is not configured when using Terraform

Problem description (votes: 0, answers: 1)

I am trying to configure a Lambda function and a CloudWatch EventBridge trigger so that the Lambda is triggered on a crontab schedule and some parameters are passed to it when it is invoked.

Here is my tf file configuration.

resource "aws_lambda_function" "lambda" {
  function_name = "dp_ing_sls_chr4g-om-lambda"
  filename      = "dp_ing_sls_chr4g-om-lambda.zip"
  handler       = "dp_ing_sls_chr4g-om-lambda.lambda_handler"
  role          = aws_iam_role.iam_for_lambda.arn
  runtime       = "python3.8"
  timeout       = 900
  memory_size   = 192
  package_type  = "Zip"
  architectures = ["x86_64"]
  ephemeral_storage {
    size = 512
  }

  tags = {
    product = var.tag
  }
}


resource "aws_cloudwatch_event_rule" "lambda_cron_trigger" {
  name                = "LambdaCronTrigger"
  schedule_expression = "cron(0 12 * * ? *)"  # Runs at 12:00 PM (UTC) every day
}

resource "aws_cloudwatch_event_target" "lambda_target" {
  rule      = aws_cloudwatch_event_rule.lambda_cron_trigger.name
  target_id = "LambdaTarget"
  arn       = aws_lambda_function.lambda.arn

  input = jsonencode({
    org = "CS",
    deployment = "dev"
  })
}

resource "aws_cloudwatch_log_group" "lambda_logs" {
  name = "/aws/lambda/${aws_lambda_function.lambda.function_name}"
  retention_in_days = 3  # Set the retention period according to your requirements
}


resource "aws_iam_policy" "lambda_invoke_policy" {
  name        = "LambdaInvokePolicy"
  description = "Policy to allow CloudWatch Events to invoke Lambda function"

  # Identity-based policy: it lets whichever role it is attached to call
  # lambda:InvokeFunction on this function.
  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [{
      Effect   = "Allow",
      Action   = "lambda:InvokeFunction",
      Resource = aws_lambda_function.lambda.arn
    }]
  })
}

resource "aws_iam_policy_attachment" "lambda_invoke_attachment" {
  name       = "LambdaInvokeAttachment"
  policy_arn = aws_iam_policy.lambda_invoke_policy.arn
  roles      = [aws_iam_role.iam_for_lambda.name]  # roles takes role names, not ARNs
}

# section for lambda iam role

resource "aws_iam_role" "iam_for_lambda" {
  name = "iam_for_lambda"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      },
    ]
  })
}

When I run this, all resources are created correctly. I can also see the EventBridge trigger in CloudWatch, but the trigger is not attached to the Lambda function.

After more research I learned that some policy is missing, which is why the trigger is not configured on the Lambda function.

amazon-web-services terraform aws-code-deploy
1 answer

0 votes

It looks like you are missing the Lambda permission resource, which is what allows a given service (or resource) to invoke the function:

resource "aws_lambda_permission" "allow_eventbridge" {
  statement_id  = "AllowExecutionFromEventBridge"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.lambda.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.lambda_cron_trigger.arn
}
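To confirm the fix from the defender's side, here is an added check that is not part of the original answer: it classifies the function's resource-based policy, as returned by `aws lambda get-policy`, against a given rule ARN as missing (the asker's symptom), unscoped (EventBridge may invoke the function but there is no `AWS:SourceArn` condition, so any rule in any AWS account could trigger it) or scoped (only that rule can). The ARNs, account id and sample policy documents below are constructed.

```python
import json
from fnmatch import fnmatchcase

EVENTBRIDGE = "events.amazonaws.com"
INVOKE = "lambda:InvokeFunction"
ARN_OPERATORS = ("ArnLike", "ArnEquals", "StringLike", "StringEquals")
# Constructed ARNs for the samples below (placeholder account id and region).
RULE_ARN = "arn:aws:events:us-east-1:123456789012:rule/LambdaCronTrigger"
FUNC_ARN = "arn:aws:lambda:us-east-1:123456789012:function:dp_ing_sls_chr4g-om-lambda"

def _as_list(value):  # IAM allows a scalar or a list for Service, Action and condition values
    return value if isinstance(value, list) else [value]

def _allows_eventbridge_invoke(stmt):
    principal = stmt.get("Principal", {})
    services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else [principal]
    actions = _as_list(stmt.get("Action", []))
    return (stmt.get("Effect") == "Allow" and (EVENTBRIDGE in services or "*" in services)
            and any(fnmatchcase(INVOKE, a) for a in actions))

def _source_arn_patterns(stmt):  # every aws:SourceArn pattern in the Condition block
    return [p for op, keys in stmt.get("Condition", {}).items() if op in ARN_OPERATORS
            for key, value in keys.items() if key.lower() == "aws:sourcearn"
            for p in _as_list(value)]

def check_eventbridge_trigger(get_policy_response, rule_arn):
    """Classify a function's resource policy for one EventBridge rule.
    get_policy_response: dict from `aws lambda get-policy` (its "Policy" field is a
    JSON string), or None when that call raised ResourceNotFoundException. Returns
    "missing", "unscoped" (no SourceArn condition, so any rule in any AWS account
    could invoke the function) or "scoped" (only rule_arn can)."""
    if get_policy_response is None:
        return "missing"
    status = "missing"
    for stmt in _as_list(json.loads(get_policy_response["Policy"]).get("Statement", [])):
        if not _allows_eventbridge_invoke(stmt):
            continue
        patterns = _source_arn_patterns(stmt)
        if not patterns:
            return "unscoped"
        if any(fnmatchcase(rule_arn, p) for p in patterns):
            status = "scoped"
    return status

def sample_get_policy(condition=None):  # constructed get-policy output with one statement
    stmt = {"Sid": "AllowExecutionFromEventBridge", "Effect": "Allow", "Resource": FUNC_ARN,
            "Principal": {"Service": EVENTBRIDGE}, "Action": INVOKE}
    if condition:
        stmt["Condition"] = condition
    return {"Policy": json.dumps({"Version": "2012-10-17", "Statement": [stmt]})}
```

Against a real account, pass the parsed CLI output and the rule ARN; the `source_arn` set in the answer's `aws_lambda_permission` is what moves the result from unscoped to scoped.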