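I am trying to set up an event source mapping so that a Lambda function is invoked every time a record is committed to my DynamoDB table. I am trying to follow the instructions here: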

https://github.com/serverless/serverless/blob/master/docs/guide/overview-of-event-sources.md

I am currently using this serverless.yml:

service: sl-pipeline

provider:
  name: aws
  runtime: python2.7
  memorySize: ${memoryVar}
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "dynamodb:*"
      Resource: "arn:aws:dynamodb:*:*:table/MyTable*"
    - Effect: "Allow"
      Action:
        - "dynamodb:GetRecords"
        - "dynamodb:GetShardIterator"
        - "dynamodb:DescribeStream"
        - "dynamodb:ListStreams"
      Resource: "arn:aws:dynamodb:*:*:table/MyTable*/stream/*"

# you can overwrite defaults here
defaults:
  stage: dev
  region: us-east-1

functions:
  main:
    handler: handler.main

# Add event trigger from dynamodb Stream Table
resources:
  Resources:
    mapping:
      Type: AWS::Lambda::EventSourceMapping
      Properties:
        BatchSize: 10
        EventSourceArn: "arn:aws:dynamodb:us-east-1:XXXXXXXXX:table/MyTable/stream"
        FunctionName: "sl-pipeline-dev-main"
        StartingPosition: LATEST

Every time I call serverless deploy, I get:

 Serverless Error ---------------------------------------

 An error occurred while provisioning your cloudformation:
 The following resource(s) failed to create: [IamRoleLambda,
 mapping]. 

I guess this has to do with IAM role permissions, but I can't figure out how to fix it. For the role I use for Serverless itself, I tried using:

Action: "*"
Resource: "*"

So it should be able to do anything.

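Note that if I remove the resources section from serverless.yml, I can deploy correctly. I can even go to the DynamoDB table and manually add the trigger to the Lambda function, and everything works.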

Thanks in advance

1 Answer

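First: look at why IamRoleLambda could not be created. Go to the AWS web console and open CloudFormation. Click your stack (it probably says it failed). Scroll to the failed step and look at the reason. It usually states exactly why it failed.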

Second: your Lambda execution role does not need permissions on the stream. Try removing the stream-related part from the IAM policy, so it looks like this:

provider:
    name: aws
    runtime: python2.7
    memorySize: ${memoryVar}
    iamRoleStatements:
    - Effect: "Allow"
      Action:
         - "dynamodb:*"
      Resource: "arn:aws:dynamodb:*:*:table/MyTable*"
Answered 2016-09-01T10:48:26.007
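
An added example, not part of the question or the answer: a pre-deploy check over the question's iamRoleStatements and EventSourceArn that reports a source ARN without a stream label, wildcard actions, and stream read actions the role does not hold on that ARN. It assumes stream ARNs have the form table/<name>/stream/<label> and uses fnmatch as an approximation of IAM wildcard matching; the function and constant names are hypothetical.

```python
import re
from fnmatch import fnmatchcase  # approximates IAM "*" / "?" wildcards

# Assumed stream ARN shape: table ARN followed by /stream/<label>.
STREAM_ARN = re.compile(
    r"^arn:aws:dynamodb:[a-z0-9-]+:[^:]+:table/[^/]+/stream/[^/]+$")
STREAM_READ = {"dynamodb:GetRecords", "dynamodb:GetShardIterator",
               "dynamodb:DescribeStream", "dynamodb:ListStreams"}

# iamRoleStatements and EventSourceArn copied from the question.
STATEMENTS = [
    {"Effect": "Allow", "Action": ["dynamodb:*"],
     "Resource": "arn:aws:dynamodb:*:*:table/MyTable*"},
    {"Effect": "Allow", "Action": sorted(STREAM_READ),
     "Resource": "arn:aws:dynamodb:*:*:table/MyTable*/stream/*"},
]
QUESTION_ARN = "arn:aws:dynamodb:us-east-1:XXXXXXXXX:table/MyTable/stream"

def as_list(value):
    return value if isinstance(value, list) else [value]

def review(statements, event_source_arn):
    """Return findings for a role's statements and a mapping's source ARN."""
    findings = []
    if not STREAM_ARN.match(event_source_arn):
        findings.append("EventSourceArn lacks the /stream/<label> suffix")
    granted = set()
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions, resources = as_list(st["Action"]), as_list(st["Resource"])
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append("wildcard action " + action)
        # Credit only the actions whose statement also covers the source ARN.
        if any(fnmatchcase(event_source_arn, r) for r in resources):
            granted |= {need for need in STREAM_READ
                        if any(fnmatchcase(need, a) for a in actions)}
    missing = sorted(STREAM_READ - granted)
    if missing:
        findings.append("not granted on source ARN: " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    for finding in review(STATEMENTS, QUESTION_ARN):
        print(finding)
```
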