[英]Add aws sqs as aws lambda function trigger using serverless
I want to add sqs (public queue of another account) as trigger point on lambda function(present in another account). 我想将sqs(另一个帐户的公共队列)添加为lambda函数(存在于另一个帐户中)的触发点。 I think it can be done by serverless but I am not able to add it using serverless even both sqs and lambda function exists in same account.
我认为可以通过无服务器来完成,但是即使sqs和lambda函数都存在于同一帐户中,我也无法使用无服务器来添加它。 Kindly suggest me how can I do this.
请建议我该怎么做。
Explaining more: Public Sqs S1 is created in account: X Lambda L1 is in another account: Y 详细说明:在帐户X中创建了公共S1 S Lambda L1在另一个帐户Y中
How can I add sqs S1 as a trigger point of lambda L1? 如何添加平方S1作为Lambda L1的触发点?
I want a command something like sns: aws sns subscribe --topic-arn Amazon SNS topic arn --protocol lambda --notification-endpoint arn:aws:lambda:us-east-1:B:function:SNS-X-Account 我想要类似sns的命令:aws sns订阅--topic-arn Amazon SNS主题arn --protocol lambda --notification-endpoint arn:aws:lambda:us-east-1:B:function:SNS-X-Account
You would need a SQS policy that looks something like this: 您将需要一个类似于以下内容的SQS策略:
{
"Version":"2012-10-17",
"Id":"sqsQueuePolicy",
"Statement":[{
"Sid":"Allow-other-account-to-use-queue",
"Effect":"Allow",
"Principal":{
"AWS":"[ACCOUNT-Y]"
},
"Action":"sqs:*",
"Resource":"arn:aws:sqs:us-east-1:[ACCOUNT-X]:S1",
"Condition": {
"ArnEquals" : "arn:aws:lambda:[ACCOUNT-Y-REGION]:[ACCOUNT-Y]:function:L1"
}
}
]
}
The cloud formation would be something like this in account X: 在帐户X中,云的形成将如下所示:
sqsQueue:
Type: 'AWS::SQS::Queue'
Properties:
QueueName: !Sub '${projectName}-ConsumerQueue'
policyQueueConsumer:
Type: 'AWS::SQS::QueuePolicy'
Properties:
PolicyDocument:
Id: !Sub '${projectName}-ConsumerQueuePolicy'
Version: '2012-10-17'
Statement:
- Sid: 'AllowConsumerSnsToSqsPolicy'
Effect: 'Allow'
Principal:
AWS: '${ACCOUNT-Y}'
Action:
- sqs:ChangeMessageVisibility
- sqs:DeleteMessage
- sqs:GetQueueAttributes
- sqs:ReceiveMessage
- sqs:SendMessage
Resource: !GetAtt sqsQueue.Arn
Condition:
ArnEquals:
aws:SourceArn: !Sub arn:aws:lambda:${ACCOUNT-Y-REGION}:${ACCOUNT-Y}:function:L1
Queues:
- !Ref sqsQueue
The cloud formation for account Y would have the trigger mapped out like so: 帐户Y的云形成将触发设置如下:
sqsEventTrigger:
Type: "AWS::Lambda::EventSourceMapping"
Properties:
BatchSize: 5
Enabled: true
EventSourceArn: 'arn:aws:sqs:us-east-1:[ACCOUNT-X]:S1'
FunctionName: 'L1'
DependsOn:
- queueConsumerLambda
- queueConsumerExecutionRole
Note that your lambda would also need the same permissions defined in its execution role in account Y: 请注意,您的lambda还需要在帐户Y的执行角色中定义的相同权限:
{
"Version":"2012-10-17",
"Id":"lambdaExecutionPolicy",
"Statement":[{
"Sid":"Allow-lambda-to-call-queue-in-other-account",
"Effect":"Allow",
"Action":"sqs:*",
"Resource":"arn:aws:sqs:[ACCOUNT-X-REGION]:[ACCOUNT-X]:S1",
}
]
}
I adapted my answer from my post here: AWS SQS Events On AWS Lambda at Financial Engines TechBlog 我从这里的帖子中修改了答案: Financial Engines TechBlog上AWS Lambda上的AWS SQS事件
Take a look at AWS Documentation for more details: Advanced SQS Policies for more details. 请查看AWS文档了解更多详细信息: 高级SQS策略了解更多详细信息。
There has been a recent announcement by AWS in which they make this exact use-case possible: SQS support for Lambda . AWS最近发布了一项声明,其中他们使这个确切的用例成为可能: SQS对Lambda的支持 。
Assuming you can access all resources you should be able to link SQS and Lambda directly. 假设您可以访问所有资源,则应该可以直接链接SQS和Lambda。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.