
Serverless framework 1.0: Converting CloudFormation to YAML for AWS Firehose

Does anyone know of a definitive guide for converting CloudFormation to YAML in Serverless v1.0?

I can make quite a few things work but I'm completely stuck on how to set up Firehose and allow a Lambda to write to it.

I think the resources section would look something like this:

resources:
  Resources:
    FirehoseBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: my-firehose-bucket
    FirehoseDeliveryStream:
      Type: AWS::KinesisFirehose::DeliveryStream
      Properties:
        DeliveryStreamName: "FirehoseDeliveryStream"
        S3DestinationConfiguration:
          BucketARN:
            Fn::Join:
            - ''
            - - 'arn:aws:s3:::'
              - Ref: FirehoseBucket
          BufferingHints:
            IntervalInSeconds: 60
            SizeInMBs: 5
          CompressionFormat: GZIP
          Prefix: ${prefix}
          RoleARN: "arn:aws:iam::${account-number}:role/${project}-${env}-IamRoleLambda"

But I have no idea how to convert the CloudFormation for the IAM section, which is described here: http://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html

Any pointers, examples or guides on CF->YAML conversion much appreciated!

The IAM statements for the Lambda Execution Role (i.e. the role that the Lambda function assumes when executing) are not specified in the resources.

So if you need permissions to do something from inside your Lambda function, you need to give the assumed role permission.

This is specified in the provider section. So in your case (I just copied something from your link, you will have to change it to what you need) it will be something like this (assuming nodejs runtime):

provider:
    name: aws
    runtime: nodejs4.3
    # Statements added to the Lambda execution role
    iamRoleStatements:
        - Effect: Allow
          Action:
              - firehose:DeleteDeliveryStream
              - firehose:PutRecord
              - firehose:PutRecordBatch
              - firehose:UpdateDestination
          Resource:
              - arn:aws:firehose:region:account-id:deliverystream/delivery-stream-name
        - Effect: Allow
          Action:
              - logs:PutLogEvents
          Resource:
              - arn:aws:logs:region:account-id:log-group:log-group-name:log-stream:log-stream-name

Bonus: For general resources specified in CloudFormation JSON format, use an online converter from JSON to YAML. Much easier to get started that way.
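
A least-privilege layout for the setup discussed in this thread, as an added example that is not part of the original question or answer: the Lambda execution role gets only the two write actions on the one stream, and Firehose gets its own delivery role instead of reusing the Lambda role. The logical name FirehoseDeliveryRole and the policy name are assumptions; the S3 actions are the ones listed in the AWS access-control guide linked in the question.

```yaml
# Added example, not from the thread. Logical names are assumptions.
provider:
  name: aws
  runtime: nodejs4.3
  iamRoleStatements:
    # Lambda execution role: write-only, scoped to this one stream.
    - Effect: Allow
      Action: ['firehose:PutRecord', 'firehose:PutRecordBatch']
      Resource:
        Fn::GetAtt: [FirehoseDeliveryStream, Arn]
resources:
  Resources:
    FirehoseBucket:
      Type: AWS::S3::Bucket
    # Separate role, assumed by the Firehose service to deliver into S3.
    FirehoseDeliveryRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal: {Service: firehose.amazonaws.com}
              Action: sts:AssumeRole
        Policies:
          - PolicyName: firehose-s3-delivery
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - s3:AbortMultipartUpload
                    - s3:GetBucketLocation
                    - s3:GetObject
                    - s3:ListBucket
                    - s3:ListBucketMultipartUploads
                    - s3:PutObject
                  Resource:
                    # The bucket itself, then every object in it
                    - Fn::GetAtt: [FirehoseBucket, Arn]
                    - Fn::Join: ['', [{'Fn::GetAtt': [FirehoseBucket, Arn]}, '/*']]
    FirehoseDeliveryStream:
      Type: AWS::KinesisFirehose::DeliveryStream
      Properties:
        S3DestinationConfiguration:
          BucketARN: {'Fn::GetAtt': [FirehoseBucket, Arn]}
          RoleARN: {'Fn::GetAtt': [FirehoseDeliveryRole, Arn]}
          BufferingHints: {IntervalInSeconds: 60, SizeInMBs: 5}
          CompressionFormat: GZIP
```

Referencing the bucket, role and stream with Fn::GetAtt keeps account numbers and hand-built ARNs out of the file, so the policies cannot drift onto a different resource than the one this stack creates.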
