AWS Lambda function pipeline fails at the Deploy stage: Action execution failed, Role … is invalid or cannot be assumed

Question (votes: 0, answers: 1)

The AWS Lambda function pipeline I just set up following the official AWS documentation (Building a Continuous Delivery Pipeline for a Lambda Application with AWS CodePipeline) fails for me at the Deploy stage (the Source and Build stages both succeed), with the following message:

Action execution failed
Role arn:aws:iam::************:role/service-role/AWSCodePipelineServiceRole-eu-west-1-lambda-pipeline
is invalid or cannot be assumed
(Service: AmazonCloudFormation; Status Code: 400; Error Code: ValidationError; Request ID: ********-****-****-************)

I did try editing the Deploy stage and changing the specified service role (AWSCodePipelineServiceRole-eu-west-1-lambda-pipeline), then ran the pipeline again, but without success... What's more, after editing the Deploy stage and re-running the pipeline, I see the previous role again...

This is my template.yml:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Outputs the time
Resources:
  TimeFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs10.x
      CodeUri: ./
      Events:
        MyTimeApi:
          Type: Api
          Properties:
            Path: /TimeResource
            Method: GET

This is my buildspec.yml:

version: 0.2
phases:
  install:
    runtime-versions:
        nodejs: 10
  build:
    commands:
      - npm install
      - export BUCKET=lambda-pipeline-repo-bucket
      - aws cloudformation package --template-file template.yml --s3-bucket $BUCKET --output-template-file outputtemplate.yml
artifacts:
  type: zip
  files:
    - template.yml
    - outputtemplate.yml

This is the policy JSON of the AWSCodePipelineServiceRole-eu-west-1-lambda-pipeline role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "*",
            "Condition": {
                "StringEqualsIfExists": {
                    "iam:PassedToService": [
                        "cloudformation.amazonaws.com",
                        "elasticbeanstalk.amazonaws.com",
                        "ec2.amazonaws.com",
                        "ecs-tasks.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "opsworks:DescribeStacks",
                "rds:*",
                "devicefarm:GetRun",
                "cloudformation:CreateChangeSet",
                "autoscaling:*",
                "codebuild:BatchGetBuilds",
                "servicecatalog:ListProvisioningArtifacts",
                "devicefarm:ScheduleRun",
                "devicefarm:ListDevicePools",
                "cloudformation:UpdateStack",
                "servicecatalog:DescribeProvisioningArtifact",
                "cloudformation:DescribeChangeSet",
                "devicefarm:ListProjects",
                "cloudformation:ExecuteChangeSet",
                "sns:*",
                "codedeploy:RegisterApplicationRevision",
                "cloudformation:*",
                "opsworks:DescribeDeployments",
                "devicefarm:CreateUpload",
                "cloudformation:DescribeStacks",
                "codecommit:GetUploadArchiveStatus",
                "cloudwatch:*",
                "opsworks:DescribeInstances",
                "cloudformation:DeleteStack",
                "ecr:DescribeImages",
                "ecs:*",
                "ec2:*",
                "codebuild:StartBuild",
                "opsworks:DescribeApps",
                "opsworks:UpdateStack",
                "cloudformation:ValidateTemplate",
                "codedeploy:CreateDeployment",
                "codedeploy:GetApplicationRevision",
                "codedeploy:GetDeploymentConfig",
                "servicecatalog:CreateProvisioningArtifact",
                "sqs:*",
                "cloudformation:DeleteChangeSet",
                "codecommit:GetCommit",
                "servicecatalog:DeleteProvisioningArtifact",
                "codedeploy:GetApplication",
                "cloudformation:SetStackPolicy",
                "codecommit:UploadArchive",
                "s3:*",
                "elasticloadbalancing:*",
                "codecommit:CancelUploadArchive",
                "devicefarm:GetUpload",
                "elasticbeanstalk:*",
                "opsworks:UpdateApp",
                "opsworks:CreateDeployment",
                "cloudformation:CreateStack",
                "servicecatalog:UpdateProduct",
                "codecommit:GetBranch",
                "lambda:*",
                "codedeploy:GetDeployment",
                "opsworks:DescribeCommands"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": "codestar-connections:UseConnection",
            "Resource": "*"
        }
    ]
}

Feel free to ask for more information...

Please give me some direction, I'm lost here...

UPDATE 1: Following @omuthu's answer, I did check the pipeline policy (AWSCodePipelineServiceRole-eu-west-1-lambda-pipeline):

{
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "*",
            "Condition": {
                "StringEqualsIfExists": {
                    "iam:PassedToService": [
                        "cloudformation.amazonaws.com",
                        "elasticbeanstalk.amazonaws.com",
                        "ec2.amazonaws.com",
                        "ecs-tasks.amazonaws.com"
                    ]
                }
            }
        },
        ...
    ],
    "Version": "2012-10-17"
}

And I know I already have iam:PassRole... it applies to the services "cloudformation.amazonaws.com", "elasticbeanstalk.amazonaws.com", "ec2.amazonaws.com", "ecs-tasks.amazonaws.com"... Should I add some other services? Or is it better to remove the condition?

UPDATE 2: I did try removing the condition, but with no different result.

UPDATE 3: @shariqmaws: I did export the pipeline (named "lambda-pipeline"); here it is:

{
    "pipeline": {
        "version": 1,
        "artifactStore": {
            "location": "codepipeline-eu-west-1-##########",
            "type": "S3"
        },
        "roleArn": "arn:aws:iam::##########:role/service-role/AWSCodePipelineServiceRole-eu-west-1-lambda-pipeline",
        "name": "lambda-pipeline",
        "stages": [
            {
                "name": "Source",
                "actions": [
                    {
                        "inputArtifacts": [],
                        "region": "eu-west-1",
                        "name": "Source",
                        "configuration": {
                            "PollForSourceChanges": "true",
                            "BranchName": "master",
                            "RepositoryName": "lambda-pipeline-repo"
                        },
                        "outputArtifacts": [
                            {
                                "name": "SourceArtifact"
                            }
                        ],
                        "runOrder": 1,
                        "actionTypeId": {
                            "provider": "CodeCommit",
                            "owner": "AWS",
                            "version": "1",
                            "category": "Source"
                        }
                    }
                ]
            },
            {
                "name": "Build",
                "actions": [
                    {
                        "inputArtifacts": [
                            {
                                "name": "SourceArtifact"
                            }
                        ],
                        "region": "eu-west-1",
                        "name": "Build",
                        "configuration": {
                            "ProjectName": "lambda-pipeline-build"
                        },
                        "outputArtifacts": [
                            {
                                "name": "BuildArtifact"
                            }
                        ],
                        "runOrder": 1,
                        "actionTypeId": {
                            "provider": "CodeBuild",
                            "owner": "AWS",
                            "version": "1",
                            "category": "Build"
                        }
                    }
                ]
            },
            {
                "name": "Deploy",
                "actions": [
                    {
                        "inputArtifacts": [
                            {
                                "name": "BuildArtifact"
                            }
                        ],
                        "region": "eu-west-1",
                        "name": "Deploy",
                        "configuration": {
                            "TemplatePath": "BuildArtifact::outputtemplate.yml",
                            "ActionMode": "CHANGE_SET_REPLACE",
                            "ChangeSetName": "lambda-pipeline-changeset",
                            "Capabilities": "CAPABILITY_IAM",
                            "RoleArn": "arn:aws:iam::##########:role/service-role/AWSCodePipelineServiceRole-eu-west-1-lambda-pipeline",
                            "StackName": "lambda-pipeline-stack"
                        },
                        "outputArtifacts": [],
                        "runOrder": 1,
                        "actionTypeId": {
                            "provider": "CloudFormation",
                            "owner": "AWS",
                            "version": "1",
                            "category": "Deploy"
                        }
                    }
                ]
            }
        ]
    },
    "metadata": {
        "updated": 1584382274.615,
        "created": 1584382274.615,
        "pipelineArn": "arn:aws:codepipeline:eu-west-1:##########:lambda-pipeline"
    }
}

Can you spot any problem with this pipeline? (Thanks for your help!)

UPDATE 4: @Shawn: I did read the documentation you pointed me to and checked my configuration... I am in the eu-west-1 region, and it is enabled, as I can see in my account settings.

Thanks for any comments...

amazon-web-services aws-lambda aws-code-deploy aws-codepipeline aws-codebuild
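The error above comes from CloudFormation (Service: AmazonCloudFormation), and the exported Deploy action passes the pipeline's own service role as the CloudFormation RoleArn; a role can only be handed to CloudFormation if its trust policy lets cloudformation.amazonaws.com call sts:AssumeRole, which the console-created CodePipeline service role does not. The script below is an added example, not code from the question or from AWS: it evaluates a role's trust policy for a given service principal and checks a Deploy action configuration against it, using constructed sample trust policies (the pipeline role's trust policy is assumed to trust codepipeline.amazonaws.com only, as the console creates it).

```python
# Constructed sample: trust policy as the CodePipeline console creates it for its
# service role (assumption: this is what the question's pipeline role carries).
PIPELINE_ROLE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "codepipeline.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}

# Constructed sample: a separate deploy role that CloudFormation itself may assume.
# Its permissions policy (not shown) should be limited to what the stack creates.
DEPLOY_ROLE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "cloudformation.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def can_service_assume(trust_policy, service):
    """True if `service` is allowed to call sts:AssumeRole on the role.

    Handles the Service-principal and "*" forms of a trust policy; Condition
    blocks are ignored, and an explicit Deny wins over any Allow as in IAM.
    """
    allowed = False
    for stmt in trust_policy.get("Statement", []):
        if not any(a in ("sts:AssumeRole", "sts:*", "*")
                   for a in _as_list(stmt.get("Action", []))):
            continue
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if principal != "*" and service not in services:
            continue
        if stmt.get("Effect") == "Deny":
            return False
        allowed = True
    return allowed


def check_deploy_action(action_config, trust_policies):
    """Check a CodePipeline CloudFormation deploy action's RoleArn.

    `trust_policies` maps role ARN -> trust policy document. Returns (ok, message).
    """
    role_arn = action_config["RoleArn"]
    policy = trust_policies.get(role_arn)
    if policy is None:
        return False, f"{role_arn}: role not found"
    if can_service_assume(policy, "cloudformation.amazonaws.com"):
        return True, f"{role_arn}: cloudformation.amazonaws.com may assume it"
    return False, f"{role_arn}: cloudformation.amazonaws.com cannot assume it; pass a deploy role it trusts"
```

Note that the pipeline role still needs iam:PassRole for the deploy role (the question's PassRole statement already allows passing to cloudformation.amazonaws.com), and scoping that statement's Resource to the deploy role's ARN instead of "*" keeps the pipeline from handing arbitrary roles to CloudFormation.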