Serverless Framework Lambda execution role mismatch?

Question    Votes: 2    Answers: 1

I am using the Serverless Framework to provide a simple Lambda-based schema validation service with Node.js and the ajv library.

As described here, my local invocation works, but when I invoke remotely I get Access Denied from S3. Moreover, when I run the policy simulator on AWS with the specific resource, it shows that access is granted, so now I am confused.

I invoke my function remotely using

SLS_DEBUG=* sls invoke -f validate --data '{"schema":"valid", "schema_version":""}'

The relevant error message I get is:

platform-sdk fetching: POST https://api.serverless.com/core/tenants/l1nxit/applications/api/profileValue
Serverless: Invoke invoke
Serverless: [AWS lambda 200 1.555s 0 retries] invoke({ FunctionName: 'validate-stage-validate',
  InvocationType: 'RequestResponse',
  LogType: 'None',
  Payload: '***SensitiveInformation***' })
{
    "errorMessage": "Access Denied",
    "errorType": "AccessDenied",
    "stackTrace": [
        "Request.extractError (/var/task/node_modules/aws-sdk/lib/services/s3.js:585:35)",
        "Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:106:20)",
        "Request.emit (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:78:10)",
        "Request.emit (/var/task/node_modules/aws-sdk/lib/request.js:683:14)",
        "Request.transition (/var/task/node_modules/aws-sdk/lib/request.js:22:10)",
        "AcceptorStateMachine.runTo (/var/task/node_modules/aws-sdk/lib/state_machine.js:14:12)",
        "/var/task/node_modules/aws-sdk/lib/state_machine.js:26:10",
        "Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:38:9)",
        "Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:685:12)",
        "Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:116:18)"
    ]
}

  Error --------------------------------------------------

  Error: Invoked function failed
      at AwsInvoke.log (/Users/myuser/.nvm/versions/node/v10.17.0/lib/node_modules/serverless/lib/plugins/aws/invoke/index.js:105:31)
  From previous event:
      at Object.invoke:invoke [as hook] (/Users/myuser/.nvm/versions/node/v10.17.0/lib/node_modules/serverless/lib/plugins/aws/invoke/index.js:23:12)
      at BbPromise.reduce (/Users/myuser/.nvm/versions/node/v10.17.0/lib/node_modules/serverless/lib/classes/PluginManager.js:489:55)
  From previous event:
      at PluginManager.invoke (/Users/myuser/.nvm/versions/node/v10.17.0/lib/node_modules/serverless/lib/classes/PluginManager.js:489:22)
      at getHooks.reduce.then (/Users/myuser/.nvm/versions/node/v10.17.0/lib/node_modules/serverless/lib/classes/PluginManager.js:524:24)
  From previous event:
      at PluginManager.run (/Users/myuser/.nvm/versions/node/v10.17.0/lib/node_modules/serverless/lib/classes/PluginManager.js:524:8)
      at variables.populateService.then (/Users/myuser/.nvm/versions/node/v10.17.0/lib/node_modules/serverless/lib/Serverless.js:115:33)
      at runCallback (timers.js:705:18)
      at tryOnImmediate (timers.js:676:5)
      at processImmediate (timers.js:658:5)
      at process.topLevelDomainCallback (domain.js:126:23)
  From previous event:
      at Serverless.run (/Users/myuser/.nvm/versions/node/v10.17.0/lib/node_modules/serverless/lib/Serverless.js:102:74)
      at serverless.init.then (/Users/myuser/.nvm/versions/node/v10.17.0/lib/node_modules/serverless/bin/serverless.js:72:30)
      at /Users/myuser/.nvm/versions/node/v10.17.0/lib/node_modules/serverless/node_modules/graceful-fs/graceful-fs.js:111:16
      at /Users/myuser/.nvm/versions/node/v10.17.0/lib/node_modules/serverless/node_modules/graceful-fs/graceful-fs.js:45:10
      at FSReqWrap.args [as oncomplete] (fs.js:140:20)
  From previous event:
      at initializeErrorReporter.then (/Users/myuser/.nvm/versions/node/v10.17.0/lib/node_modules/serverless/bin/serverless.js:72:8)
      at runCallback (timers.js:705:18)
      at tryOnImmediate (timers.js:676:5)
      at processImmediate (timers.js:658:5)
      at process.topLevelDomainCallback (domain.js:126:23)
  From previous event:
      at Object.<anonymous> (/Users/myuser/.nvm/versions/node/v10.17.0/lib/node_modules/serverless/bin/serverless.js:61:4)
      at Module._compile (internal/modules/cjs/loader.js:778:30)
      at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
      at Module.load (internal/modules/cjs/loader.js:653:32)
      at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
      at Function.Module._load (internal/modules/cjs/loader.js:585:3)
      at Function.Module.runMain (internal/modules/cjs/loader.js:831:12)
      at startup (internal/bootstrap/node.js:283:19)
      at bootstrapNodeJSCore (internal/bootstrap/node.js:623:3)

  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Issues:        forum.serverless.com

  Your Environment Information ---------------------------
     Operating System:          darwin
     Node Version:              10.17.0
     Framework Version:         1.56.1
     Plugin Version:            3.2.1
     SDK Version:               2.2.0
     Components Core Version:   1.1.2
     Components CLI Version:    1.4.0

The message I get back from https://api.serverless.com/core/tenants/[my profileValue] is {"errorMessage":"Not Found"}; I went back over my serverless user profile and found no problem, but I am very suspicious of this.

My serverless.yml configuration is as follows:

service: validate
app: api
org: l1nxit

custom:
  test: false
  inputBucket: l1nxit-schemas

provider:
  name: aws
  runtime: nodejs8.10

# defaults
  stage: stage
  region: eu-central-1
  user: serverless

# Lambda IAM Role
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - s3:GetObject
        - s3:GetObjectAcl
      Resource: "arn:aws:s3:::${self:custom.inputBucket}/*"

# packaging information
package:
  include:
    - node_modules/ajv/**
    - node_modules/fast-deep-equal/**
    - node_modules/fast-json-stable-stringify/**
    - node_modules/json-schema-traverse/**
    - node_modules/uri-js/**
  exclude:
    - S3/**
    - __tests__/**
    - .idea/**
    - coverage/**

functions:
  validate:
    handler: handler.validate
    environment:
      TEST: ${self:custom.test}
      INPUT_BUCKET: ${self:custom.inputBucket}

Any help would be greatly appreciated.


amazon-web-services amazon-s3 aws-lambda amazon-iam serverless-framework
1 Answer

2 votes

To get an object from S3, it is important to also have permission to list the bucket you are getting the object from. In your iamRoleStatement
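As an added example, not part of the question or the answer, here is the iamRoleStatements block from the question's serverless.yml rewritten to carry both the bucket-level s3:ListBucket permission the answer refers to and the object-level read permissions that were already there. The bucket name is taken from the question's custom.inputBucket; nothing else about the handler is assumed.

```yaml
# Added example (not from the question or the answer): the Lambda execution
# role from the question's serverless.yml extended with a bucket-level
# ListBucket statement alongside the existing object-level read statement.
provider:
  name: aws
  runtime: nodejs8.10
  iamRoleStatements:
    # s3:ListBucket is a bucket-level action, so its Resource is the bucket
    # ARN itself with no trailing "/*". Without this statement S3 answers a
    # GetObject on a key that does not exist with 403 AccessDenied rather
    # than 404 NotFound, which makes a missing object look like a
    # permissions problem.
    - Effect: "Allow"
      Action:
        - s3:ListBucket
      Resource: "arn:aws:s3:::${self:custom.inputBucket}"
    # s3:GetObject and s3:GetObjectAcl are object-level actions, so their
    # Resource is the object ARN pattern, which is why "/*" is required here.
    - Effect: "Allow"
      Action:
        - s3:GetObject
        - s3:GetObjectAcl
      Resource: "arn:aws:s3:::${self:custom.inputBucket}/*"
```

Two things follow from the split. First, the policy simulator result in the question is consistent with this: simulating s3:GetObject against the object ARN is allowed by the second statement, but that does not exercise the bucket-level check, so the simulation passes while a real invocation can still fail. Second, if the role should not be able to enumerate the whole bucket, the ListBucket statement can be narrowed with the s3:prefix condition key so that only the key prefix the handler actually reads is listable; the object statement stays scoped to the same prefix by tightening its Resource pattern. After redeploying, the same `sls invoke -f validate ...` command from the question is the quickest way to confirm the change took effect.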
