使用无服务器将AWS sqs添加为AWS Lambda函数触发器

Question

I want to add sqs (public queue of another account) as trigger point on lambda function(present in another account). 我想将sqs（另一个帐户的公共队列）添加为lambda函数（存在于另一个帐户中）的触发点。 I think it can be done by serverless but I am not able to add it using serverless even both sqs and lambda function exists in same account. 我认为可以通过无服务器来完成，但是即使sqs和lambda函数都存在于同一帐户中，我也无法使用无服务器来添加它。 Kindly suggest me how can I do this. 请建议我该怎么做。

Explaining more: Public Sqs S1 is created in account: X Lambda L1 is in another account: Y 详细说明：在帐户X中创建了公共S1 S Lambda L1在另一个帐户Y中

How can I add sqs S1 as a trigger point of lambda L1? 如何添加平方S1作为Lambda L1的触发点？

I want a command something like sns: aws sns subscribe --topic-arn Amazon SNS topic arn --protocol lambda --notification-endpoint arn:aws:lambda:us-east-1:B:function:SNS-X-Account 我想要类似sns的命令：aws sns订阅--topic-arn Amazon SNS主题arn --protocol lambda --notification-endpoint arn：aws：lambda：us-east-1：B：function：SNS-X-Account

Answer 1

You would need a SQS policy that looks something like this: 您将需要一个类似于以下内容的SQS策略：

{
  "Version":"2012-10-17",
  "Id":"sqsQueuePolicy",
  "Statement":[{
      "Sid":"Allow-other-account-to-use-queue",
      "Effect":"Allow",
      "Principal":{
        "AWS":"[ACCOUNT-Y]"
      },
      "Action":"sqs:*",
      "Resource":"arn:aws:sqs:us-east-1:[ACCOUNT-X]:S1",
      "Condition": {
        "ArnEquals" : "arn:aws:lambda:[ACCOUNT-Y-REGION]:[ACCOUNT-Y]:function:L1"
      }
    }
  ]
}

The cloud formation would be something like this in account X: 在帐户X中，云的形成将如下所示：

sqsQueue:
  Type: 'AWS::SQS::Queue'
  Properties:
    QueueName: !Sub '${projectName}-ConsumerQueue'

policyQueueConsumer:
  Type: 'AWS::SQS::QueuePolicy'
  Properties:
    PolicyDocument:
      Id: !Sub '${projectName}-ConsumerQueuePolicy'
      Version: '2012-10-17'
      Statement:
      - Sid: 'AllowConsumerSnsToSqsPolicy'
        Effect: 'Allow'
        Principal:
          AWS: '${ACCOUNT-Y}'
        Action:
          - sqs:ChangeMessageVisibility
          - sqs:DeleteMessage
          - sqs:GetQueueAttributes
          - sqs:ReceiveMessage
          - sqs:SendMessage
        Resource: !GetAtt sqsQueue.Arn
        Condition:
          ArnEquals:
            aws:SourceArn: !Sub arn:aws:lambda:${ACCOUNT-Y-REGION}:${ACCOUNT-Y}:function:L1
    Queues:
      - !Ref sqsQueue

The cloud formation for account Y would have the trigger mapped out like so: 帐户Y的云形成将触发设置如下：

sqsEventTrigger:
  Type: "AWS::Lambda::EventSourceMapping"
  Properties:
    BatchSize: 5
    Enabled: true
    EventSourceArn: 'arn:aws:sqs:us-east-1:[ACCOUNT-X]:S1'
    FunctionName: 'L1'
  DependsOn:
    - queueConsumerLambda
    - queueConsumerExecutionRole

Note that your lambda would also need the same permissions defined in its execution role in account Y: 请注意，您的lambda还需要在帐户Y的执行角色中定义的相同权限：

{
  "Version":"2012-10-17",
  "Id":"lambdaExecutionPolicy",
  "Statement":[{
      "Sid":"Allow-lambda-to-call-queue-in-other-account",
      "Effect":"Allow",
      "Action":"sqs:*",
      "Resource":"arn:aws:sqs:[ACCOUNT-X-REGION]:[ACCOUNT-X]:S1",
    }
  ]
}

I adapted my answer from my post here: AWS SQS Events On AWS Lambda at Financial Engines TechBlog 我从这里的帖子中修改了答案： Financial Engines TechBlog上AWS Lambda上的AWS SQS事件

Take a look at AWS Documentation for more details: Advanced SQS Policies for more details. 请查看AWS文档了解更多详细信息：高级SQS策略了解更多详细信息。

Answer 2

There has been a recent announcement by AWS in which they make this exact use-case possible: SQS support for Lambda . AWS最近发布了一项声明，其中他们使这个确切的用例成为可能： SQS对Lambda的支持。

Assuming you can access all resources you should be able to link SQS and Lambda directly. 假设您可以访问所有资源，则应该可以直接链接SQS和Lambda。

使用无服务器将AWS sqs添加为AWS Lambda函数触发器

问题描述

2 个解决方案

解决方案1
0 2018-09-06 17:47:29

解决方案2
-1 2018-07-05 14:15:11

使用无服务器将AWS sqs添加为AWS Lambda函数触发器

问题描述

2 个解决方案

解决方案1 0 2018-09-06 17:47:29

解决方案2 -1 2018-07-05 14:15:11

解决方案1
0 2018-09-06 17:47:29

解决方案2
-1 2018-07-05 14:15:11