[英]How do I get the ARN of an AWS Lambda function for a Cloud Formation specific resource property?
I can't seem to get Ref
or Fn:GetAtt
to return a valid value for use with setting up a resource.我似乎无法让
Ref
或Fn:GetAtt
返回用于设置资源的有效值。
serverless.yml无服务器.yml
...etc...
functions:
bearerTokenAuthentication:
handler: app.bearerTokenAuthentication
name: ${self:service}-auth-bearer
resources:
- ${file(./serverless_resources.yml)}
serverless_resources.yml serverless_resources.yml
Resources:
ApiGateway:
Type: AWS::ApiGateway::RestApi
Properties:
Name: restapi-${self:provider.stage}
Description: Endpoints
ApiKeySourceType: HEADER # (to read the API key from the X-API-Key header of a request)
ApiGatewayBearerAuthorizer:
Type: AWS::ApiGateway::Authorizer
Properties:
Type: token
IdentitySource: method.request.header.Authorization
Name: BearerAuthorization
AuthorizerResultTtlInSeconds: 300
AuthorizerUri: !Join #arn:aws:apigateway:${self:provider.region}:lambda:path/${self:functions.bearerTokenAuthentication.name}
- ''
- - 'arn:aws:apigateway:'
- !Ref 'AWS::Region'
- ':lambda:path/2015-03-31/functions/'
- !GetAtt
- bearerTokenAuthentication # also tried !Ref bearerTokenAuthentication and '${self:functions.bearerTokenAuthentication.name}'
- Arn
- /invocations
RestApiId: !Ref ApiGateway
No matter what I do, GetAtt
cannot find the ARN for the Lambda function declared in bearerTokenAuthentication
.无论我做什么,
GetAtt
都找不到在bearerTokenAuthentication
声明的 Lambda 函数的 ARN。 I just keep getting this error:我只是不断收到此错误:
Error: The CloudFormation template is invalid: Template error: instance of Fn::GetAtt references undefined resource bearerTokenAuthentication
错误:CloudFormation 模板无效:模板错误:Fn::GetAtt 的实例引用未定义的资源 bearerTokenAuthentication
... or if trying Ref
... ... 或者如果尝试
Ref
...
Error: The CloudFormation template is invalid: Template format error: Unresolved resource dependencies [bearerTokenAuthentication] in the Resources block of the template
错误:CloudFormation 模板无效:模板格式错误:模板的资源块中未解析的资源依赖关系 [bearerTokenAuthentication]
Is it possible to reference Lambda ARNs from the resource section?是否可以从资源部分引用 Lambda ARN? It seems by the error messages it is looking for "resource" names.
从错误消息看来,它正在寻找“资源”名称。 I always thought the lambda function declaration was also considered a resource (besides the obvious
Resources:
block of course), perhaps I am misunderstanding something.我一直认为 lambda 函数声明也被认为是一种资源(当然除了明显的
Resources:
块),也许我误解了一些东西。
I figured it out.我想到了。 I had a NodeJS project and was using the "serverless" command line (sls) to deploy using
serverless.yml
.我有一个 NodeJS 项目,并且正在使用“无服务器”命令行(sls)使用
serverless.yml
进行部署。 It turns out it creates a .serverless
sub-directroy with some files in it.事实证明,它创建了一个
.serverless
子目录,其中包含一些文件。 One of them is a compiled template for AWS Cloud Formation called cloudformation-template-update-stack.json
.其中之一是 AWS Cloud Formation 的编译模板,称为
cloudformation-template-update-stack.json
。 It appears that the utility likes to mangle the names by making the first character uppercase and adding "LambdaFunction" to all the function names (for whatever reason).该实用程序似乎喜欢通过使第一个字符大写并将“LambdaFunction”添加到所有函数名称(无论出于何种原因)来破坏名称。 In this case,
bearerTokenAuthentication
was renamed to BearerTokenAuthenticationLambdaFunction
(the actual resource name).在这种情况下,
bearerTokenAuthentication
被重命名为BearerTokenAuthenticationLambdaFunction
(实际资源名称)。 After looking into the compiled template it all became clear.查看编译的模板后,一切都变得清晰了。 The utility also seems to figure out the dependencies as well, which was good to know.
该实用程序似乎还可以计算出依赖关系,这很高兴知道。 This was the final result:
这是最后的结果:
AuthorizerUri: !Join
- ''
- - 'arn:aws:apigateway:'
- !Ref 'AWS::Region'
- ':lambda:path/2015-03-31/functions/'
- !GetAtt [ BearerTokenAuthenticationLambdaFunction, Arn ]
- '/invocations'
Other "Gotchas":其他“陷阱”:
DO NOT define the AWS::ApiGateway::RestApi
resource (like I did in my question) if you are also using event
mappings with the functions, otherwise you will get 2 APIs created.如果您还在函数中使用
event
映射,请不要定义AWS::ApiGateway::RestApi
资源(就像我在我的问题中所做的那样),否则您将创建 2 个 API。 event
entries automatically cause an API to be created called "ApiGatewayRestApi" - which is the resource name generated by the sls
utility. event
条目会自动创建一个名为“ApiGatewayRestApi”的 API——这是由sls
实用程序生成的资源名称。 The last line of the last file was changed to this:最后一个文件的最后一行改成了这样:
RestApiId: !Ref ApiGatewayRestApi
And my ApiGateway:
section was removed.我的
ApiGateway:
部分已删除。
Credit goes to this post which helped make it more clear to me what was really going on: https://forum.serverless.com/t/fixed-how-do-i-get-reference-api-gateway-restapi-id-in-serverless-yml/3397/5归功于这篇文章,这有助于让我更清楚到底发生了什么: https : //forum.serverless.com/t/fixed-how-do-i-get-reference-api-gateway-restapi-id -in-serverless-yml/3397/5
Previous Answer:上一个答案:
I found another way as well.我也找到了另一种方法。 This is what I resorted to doing until I found the proper (shorter) way.
这就是我一直在做的事情,直到我找到了合适的(更短的)方法。 I was able to pull the lambda name and manually stitch together the required URI:
我能够提取 lambda 名称并手动将所需的 URI 拼接在一起:
AuthorizerUri: !Join
- ''
- - 'arn:aws:apigateway:'
- !Ref 'AWS::Region'
- ':lambda:path/2015-03-31/functions/arn:aws:lambda:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- ':function:'
- '${self:functions.bearerTokenAuthentication.name}'
- '/invocations'
I hope that helps save someone some time trying to understand the complicated .yml file.我希望这有助于节省一些时间来尝试理解复杂的 .yml 文件。 I also cannot understand why it is so hard to make it simple to understand.
我也无法理解为什么让它变得简单易懂如此困难。 All someone had to do is say (for me) was "sls takes a 'serverless.yml' file, and optional include files (such as declarations specific to the cloud system itself, like AWS Cloud Formation), and generates a template JSON file that is used by the target cloud services system to deploy your solution. Also, the names you give may get mangled, so check the template."
有人只需要说(对我来说)是“sls 需要一个‘serverless.yml’文件和可选的包含文件(例如特定于云系统本身的声明,如 AWS Cloud Formation),并生成一个模板 JSON 文件目标云服务系统使用它来部署您的解决方案。此外,您提供的名称可能会被破坏,因此请检查模板。 I'm also surprised that no one has created an editor to make all this easier by now - perhaps something I'll look into myself one day.
我也很惊讶现在没有人创建一个编辑器来让这一切变得更容易——也许有一天我会研究一下自己。 ;)
;)
You can always go to the deployed lambda and look for the aws:cloudformation:logical-id tag.您始终可以转到已部署的 lambda 并查找 aws:cloudformation:logical-id 标记。 That way you get the logical ID you should be using in your serverless.yaml.
这样您就可以获得应该在 serverless.yaml 中使用的逻辑 ID。 (Don't like this behind-the-scenes names tricks either...)
(也不喜欢这种幕后花招……)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.