我正在尝试使用 cloudformation 部署函数和 aws api 网关。在 LambdaPermission 资源中,有一个属性是 SourceArn,它期望将调用该函数的资源的 ARN,在本例中它将是 api 网关。现在ApiGateway资源不提供arn的输出值。所以我的问题是我们如何访问它?
这里是Lambda Permission的资源,我需要将值放入sourcearn中。
LambdaPermission:
Type: "AWS::Lambda::Permission"
Properties:
Action: "lambda:InvokeFunction"
FunctionName: !GetAtt LambdaFunction.Arn
Principal: "apigateway.amazonaws.com"
SourceArn: "How to get this value"
格式:
SourceArn:
Fn::Join:
- ''
- - 'arn:'
- !Ref AWS::Partition
- ":execute-api:"
- !Ref AWS::Region
- ":"
- !Ref AWS::AccountId
- ":"
- !Ref "Logical ID of resource of type AWS::ApiGateway::RestApi"
- "/"
- !Ref "Logical ID of resource of type AWS::ApiGateway::Stage"
- "/GET or POST or other HTTP Methods/your/resource/path/here"
一个例子:
SourceArn:
Fn::Join:
- ''
- - 'arn:'
- !Ref AWS::Partition
- ":execute-api:"
- !Ref AWS::Region
- ":"
- !Ref AWS::AccountId
- ":"
- !Ref ApiGatewayRestApiResource
- "/"
- !Ref ApiGatewayStageResource
- "/GET/example"
如果有人正在寻找更紧凑的
!Sub
语法@henry-woody建议的示例,这里是:
SourceArn: !Sub "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${RestApi}/*/GET/"