我在 Terraform 中设置了以下内容。所以有两个事件规则,早上 8 点开始事件,下午 6 点停止事件。
# Create cloudwatch event rules
resource "aws_cloudwatch_event_rule" "stop_ec2_event_rule" {
name = "stop-ec2-event-rule"
description = "Stop EC2 instance at a specified time each day"
schedule_expression = var.cloudwatch_schedule_stop
}
resource "aws_cloudwatch_event_rule" "start_ec2_event_rule" {
name = "start-ec2-event-rule"
description = "Start EC2 instance at a specified time each day"
schedule_expression = var.cloudwatch_schedule_start
}
每个事件都会将一个操作传递给 lambda
resource "aws_cloudwatch_event_target" "stop_ec2_event_rule_target" {
rule = aws_cloudwatch_event_rule.stop_ec2_event_rule.name
target_id = "TriggerLambdaFunction"
arn = aws_lambda_function.lambda_rscheduler.arn
input = "{\"environment\":\"${var.environment}\", \"action\":\"stop\"}"
}
resource "aws_cloudwatch_event_target" "start_ec2_event_rule_target" {
rule = aws_cloudwatch_event_rule.start_ec2_event_rule.name
target_id = "TriggerLambdaFunction"
arn = aws_lambda_function.lambda_rscheduler.arn
input = "{\"environment\":\"${var.environment}\", \"action\":\"start\"}"
}
这有效
resource "aws_lambda_permission" "allow_cloudwatch" {
statement_id = "AllowExecutionFromCloudWatch"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda_rscheduler.function_name
principal = "events.amazonaws.com"
source_arn = aws_cloudwatch_event_rule.stop_ec2_event_rule.arn
我面临的问题是我无法让 Terraform 将 start_event 与 lambda 函数关联起来。我进入 AWS 控制台,可以手动将 CloudWatch start_event 触发器添加到 lambda 函数。
如果我有start_event资源
resource "aws_lambda_permission" "allow_cloudwatch" {
statement_id = "AllowExecutionFromCloudWatch"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda_rscheduler.function_name
principal = "events.amazonaws.com"
source_arn = aws_cloudwatch_event_rule.start_ec2_event_rule.arn
它会抱怨statement_id重复。
我需要类似 terraform aws_lambda_event_source_mapping 的东西,但它只允许 Lambda 函数从 Kinesis、DynamoDB 和 SQS 获取事件;而不是 CloudWatch 事件。
如何告诉 terraform 将多个 cloudwatch 事件关联到同一个 lambda 函数;我什么时候可以从 AWS 控制台手动执行此操作?
statement_idaws_lambda_permissionaws_lambda_permission例如,使用
for_eachaws_lambda_permissionresource "aws_lambda_permission" "allow_cloudwatch" {
for_each = {for idx, v in [
aws_cloudwatch_event_rule.stop_ec2_event_rule,
aws_cloudwatch_event_rule.start_ec2_event_rule
]: idx => v}
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda_rscheduler.function_name
principal = "events.amazonaws.com"
source_arn = each.value.arn
}
可以为
aws_cloudwatch_event_ruleaws_cloudwatch_event_targetfor_eachcount一个问题 -> 我有两个 lambda 主体,一个用于没有任何规则的 api 网关,另一个用于 cloudwatch 的 eventbridge 计划事件。拥有两个 aws_lambda_permission 是良好的代码实践吗?或者可以将主体和 source_arn 组合起来。但我看到源 arn 是字符串类型。