3

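My requirement is to trigger Lambda_Function_1 if the file input.txt is created in the S3 bucket, and to trigger Lambda_Function_2 if the file output.txt is created in the same S3 bucket.

The cfn below is not working, but it works fine if I put only one event instead of two events in the same LambdaConfigurations.

Can someone please help me here?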

Parameters:
  S3BucketBaseName:
    Type: String
    Description: The base name of the Amazon S3 bucket.
    Default: dw-trip


Resources:
  LambdaStart: 
    DependsOn:
      - LambdaStartStopEC2
    Type: "AWS::Lambda::Function"
    Properties:
      FunctionName: "dw-trip-start-ec2"
      # Must name the function defined in the inline ZipFile code (index.py)
      Handler: "index.lambda_handler"
      Role: !GetAtt LambdaStartStopEC2.Arn
      Runtime: python3.7
      MemorySize: 3008
      Timeout: 900
      Code:
        ZipFile: |
          import boto3
          region = 'us-east-1'
          instances = ['i-05d5fbec4c82956b6']
          ec2 = boto3.client('ec2', region_name=region)
          def lambda_handler(event, context):
              ec2.start_instances(InstanceIds=instances)
              print('started your instances: ' + str(instances))

  ProcessingLambdaPermissionStart:
    Type: AWS::Lambda::Permission
    DependsOn:
      - LambdaStart    
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: !Ref LambdaStart
      Principal: s3.amazonaws.com
      SourceArn:
                Fn::Join: 
                  - ''
                  - - 'arn:aws:s3:::'
                    - !Join ["-",[!Ref "S3BucketBaseName",!Ref "AWS::AccountId"]]
      SourceAccount: !Ref AWS::AccountId

  LambdaStop: 
    DependsOn:
      - ProcessingLambdaPermissionStart
    Type: "AWS::Lambda::Function"
    Properties:
      FunctionName: "dw-trip-stop-ec2"
      # Must name the function defined in the inline ZipFile code (index.py)
      Handler: "index.lambda_handler"
      Role: !GetAtt LambdaStartStopEC2.Arn
      Runtime: python3.7
      MemorySize: 3008
      Timeout: 900
      Code:
        ZipFile: |
          import boto3
          region = 'us-east-1'
          instances = ['i-05d5fbec4c82956b6']
          ec2 = boto3.client('ec2', region_name=region)
          def lambda_handler(event, context):
              ec2.stop_instances(InstanceIds=instances)
              print('stopping your instances: ' + str(instances))

  ProcessingLambdaPermissionStop:
    Type: AWS::Lambda::Permission
    DependsOn:
      - LambdaStop  
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: !Ref LambdaStop
      Principal: s3.amazonaws.com
      SourceArn:
                Fn::Join: 
                  - ''
                  - - 'arn:aws:s3:::'
                    - !Join ["-",[!Ref "S3BucketBaseName",!Ref "AWS::AccountId"]]
      SourceAccount: !Ref AWS::AccountId

  S3KmsKey:
    Type: AWS::KMS::Key
    DependsOn:
      - ProcessingLambdaPermissionStop
    Properties:
      Description: KMS key for trip S3 bucket.
      Enabled: true
      EnableKeyRotation: true
      KeyPolicy:
        Statement:
          - Sid: Administration
            Effect: Allow
            Principal:
              AWS:
                - Fn::Join:
                    - ''
                    - - 'arn:aws:iam::'
                      - Ref: AWS::AccountId
                      - ':role/DW01-codepipeline-action-us-east-1'              
                - Fn::Join:
                    - ''
                    - - 'arn:aws:iam::'
                      - Ref: AWS::AccountId
                      - ':root'
            Action: 'kms:*'
            Resource: '*'

  S3bucketCreate:
    DependsOn:
      - S3KmsKey
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Join ["-",[!Ref "S3BucketBaseName",!Ref "AWS::AccountId"]]
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              KMSMasterKeyID: !Ref S3KmsKey
              SSEAlgorithm: "aws:kms"
      NotificationConfiguration:
        LambdaConfigurations:
          - Event: s3:ObjectCreated:*
            Function: !GetAtt LambdaStart.Arn
            Filter:
              S3Key:
                Rules:
                - Name: prefix
                  Value: input.txt               
          - Event: s3:ObjectCreated:*
            Function: !GetAtt LambdaStop.Arn
            Filter:
              S3Key:
                Rules:
                - Name: prefix
                  Value: output.txt     

  S3bucketPolicy:
    DependsOn:
      - S3bucketCreate        
    Type: AWS::S3::BucketPolicy
    Properties: 
      Bucket: 
        Ref: 'S3bucketCreate'
      PolicyDocument: 
        Statement: 
          - Sid: AllowEc2AccesstoBucket
            Action: 
              - 's3:GetObject'
              - 's3:PutObject'              
            Effect: Allow
            Principal:
              AWS:
                - Fn::Join:          
                  - ''
                  - - 'arn:aws:iam::'
                    - Ref: AWS::AccountId
                    - ':role/DevDW01-EC2-us-east-1'
            Resource: 
                Fn::Join: 
                  - ''
                  - - 'arn:aws:s3:::'
                    - Ref: 'S3bucketCreate'
                    - '/*'              
  LambdaStartStopEC2:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: 
              - lambda.amazonaws.com
            Action: sts:AssumeRole
      RoleName: Lambda-StartStop-EC2
      MaxSessionDuration: 43200
      Policies:
        - PolicyName: StartStop-EC2
          PolicyDocument:
            Statement:
            - Action:
              - s3:*
              Effect: Allow
              Resource: '*'
            - Action:
              - ec2:*
              Effect: Allow
              Resource: '*'
        - PolicyName: logs
          PolicyDocument:
            Statement:
            - Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:DescribeLogGroups
              - logs:DescribeLogStreams
              - logs:PutLogEvents
              - logs:GetLogEvents
              - logs:FilterLogEvents
              Effect: Allow
              Resource: '*'

Outputs:
  S3bucketCreateName:
    Value:
      Ref: S3bucketCreate
    Export:
      Name: S3bucketCreateName
  S3bucketCreateArn:
    Value:
      Fn::GetAtt: S3bucketCreate.Arn
    Export:
      Name: S3bucketCreateArn
  S3KmsKeyArn:
    Value:
      Fn::GetAtt: S3KmsKey.Arn
    Export:
      Name: S3KmsKeyArn
4

2 Answers

1

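Multiple filter rules with prefix and suffix as the name are allowed as long as they do not overlap. See here for various examples explaining how overlaps can occur and how to avoid them.

In this case, the error Template format error: YAML not well-formed is possibly due to incorrectly formatted YAML. Use cfn-lint to validate the template.

Added a snippet that explicitly specifies the expected prefix and suffix of the S3 object.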

      NotificationConfiguration:
        LambdaConfigurations:
          - Event: s3:ObjectCreated:*
            Function: !GetAtt LambdaStart.Arn
            Filter:
              S3Key:
                Rules:
                - Name: prefix
                  Value: input
                - Name: suffix
                  Value: txt           
          - Event: s3:ObjectCreated:*
            Function: !GetAtt LambdaStop.Arn
            Filter:
              S3Key:
                Rules:
                - Name: prefix
                  Value: output
                - Name: suffix
                  Value: txt
answered 2020-03-18T03:32:46.857
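
The non-overlap condition mentioned in the answer above can be checked before a template is deployed. This is an added example, not code from the answer or from AWS: it assumes two configurations conflict when they share an event type and some object key could match both filters, and every helper name in it is hypothetical.

```python
# Added example: models the "filters must not overlap for the same event type" rule.
from itertools import combinations


def rules_of(cfg):
    """Return (prefix, suffix) for a LambdaConfigurations entry; a missing rule is ''."""
    rules = cfg.get("Filter", {}).get("S3Key", {}).get("Rules", [])
    by_name = {r["Name"].lower(): r["Value"] for r in rules}
    return by_name.get("prefix", ""), by_name.get("suffix", "")


def events_overlap(a, b):
    """Equal events overlap, and a wildcard such as s3:ObjectCreated:* covers its subtypes."""
    if a == b:
        return True
    for wild, other in ((a, b), (b, a)):
        if wild.endswith("*") and other.startswith(wild[:-1]):
            return True
    return False


def filters_overlap(c1, c2):
    """True if at least one object key could satisfy both filters."""
    (p1, s1), (p2, s2) = rules_of(c1), rules_of(c2)
    prefixes = p1.startswith(p2) or p2.startswith(p1)
    suffixes = s1.endswith(s2) or s2.endswith(s1)
    return prefixes and suffixes


def find_overlaps(configs):
    """Return index pairs of configurations that are ambiguous under the assumed rule."""
    return [
        (i, j)
        for (i, a), (j, b) in combinations(enumerate(configs), 2)
        if events_overlap(a["Event"], b["Event"]) and filters_overlap(a, b)
    ]


def cfg(event, **rules):
    """Build one LambdaConfigurations entry (helper for the constructed samples)."""
    rule_list = [{"Name": k, "Value": v} for k, v in rules.items()]
    return {"Event": event, "Filter": {"S3Key": {"Rules": rule_list}}}


CREATED = "s3:ObjectCreated:*"
# Constructed samples: the answer's two filters, then a deliberately ambiguous pair.
ANSWER = [cfg(CREATED, prefix="input", suffix="txt"), cfg(CREATED, prefix="output", suffix="txt")]
AMBIGUOUS = [cfg(CREATED, prefix="input"), cfg(CREATED, suffix="txt")]

if __name__ == "__main__":
    print("answer overlaps:   ", find_overlaps(ANSWER))
    print("ambiguous overlaps:", find_overlaps(AMBIGUOUS))
```

The ambiguous pair is flagged because a key such as input.txt matches both the prefix-only and the suffix-only filter, so two functions would fire for one upload.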
0

Actually, I had to create multiple LambdaConfigurations like this.

"NotificationConfiguration": {
    "LambdaConfigurations": [{
            "Event": "s3:ObjectCreated:*",
            "Function": {
                "Fn::GetAtt": ["lambdaVodFunction", "Arn"]
            },
            "Filter": {
                "S3Key": {
                    "Rules": [{
                        "Name": "suffix",
                        "Value": ".mp4"
                    }]
                }
            }
        },
        {
            "Event": "s3:ObjectCreated:*",
            "Function": {
                "Fn::GetAtt": ["lambdaVodFunction", "Arn"]
            },
            "Filter": {
                "S3Key": {
                    "Rules": [{
                        "Name": "suffix",
                        "Value": ".mov"
                    }]
                }
            }
        }
    ]
}
answered 2021-07-02T10:45:30.317