
In a Cloudformation template, how do I reference a dynamically generated Lambda function ARN in an IoT Rule?

Using AWS Amplify CLI, I've created a Lambda function for my project. It created a Cloudformation template as part of that process. I'm editing the template, adding an IoT rule to trigger the lambda function. The function name itself changes per environment, along with the Lambda function ARN I'm attempting to target in my IoT rule section.

Here's the section I'm working on now:

"IoTRuleS3RequestSignedUrl": {
    "Type": "AWS::IoT::TopicRule",
    "Properties": {
        "RuleName": "twinTigerSecurityS3SignedUrlRequests",
        "TopicRulePayload": {
            "Actions": [
                {
                    "Lambda": {
                        "FunctionArn": "HOW DO I REFERENCE THIS DYNAMIC ARN?"
                    }
                }
            ],
            "Description": "Get S3 bucket signed URL to upload image directly to S3.",
            "RuleDisabled": false,
            "Sql": "SELECT operation, bucket, key, replyTo FROM 'iot/topic'"
        }
    }
} 

Here's the full template in progress:

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Lambda resource stack creation using Amplify CLI",
    "Parameters": {
        "CloudWatchRule": {
            "Type": "String",
            "Default" : "NONE",
            "Description" : " Schedule Expression"
        },
        "env": {
            "Type": "String"
        }

    },
    "Conditions": {
        "ShouldNotCreateEnvResources": {
            "Fn::Equals": [
                {
                    "Ref": "env"
                },
                "NONE"
            ]
        }
    },
    "Resources": {
        "LambdaFunction": {
            "Type": "AWS::Lambda::Function",
            "Metadata": {
                "aws:asset:path": "./src",
                "aws:asset:property": "Code"
            },
            "Properties": {
                "Handler": "index.handler",
                "FunctionName": {
                    "Fn::If": [
                        "ShouldNotCreateEnvResources",
                        "twinTigerSecurityRequestS3SignedUrl",
                        {
                            "Fn::Join": [
                                "",
                                [
                                    "twinTigerSecurityRequestS3SignedUrl",
                                    "-",
                                    {
                                        "Ref": "env"
                                    }
                                ]
                            ]
                        }
                    ]
                },
                "Environment": {
                    "Variables": {
                        "ENV": {
                            "Ref": "env"
                        },
                        "REGION": {
                            "Ref": "AWS::Region"
                        }
                    }
                },
                "Role": { "Fn::GetAtt": ["LambdaExecutionRole", "Arn"] },
                "Runtime": "nodejs12.x",
                "Timeout": "25"
            }
        },
        "LambdaExecutionRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "RoleName": {
                    "Fn::If": [
                        "ShouldNotCreateEnvResources",
                        "twintigersecurityLambdaRolebf1a383b", 
                        {

                            "Fn::Join": [
                                "",
                                [
                                    "twintigersecurityLambdaRolebf1a383b",
                                    "-",
                                    {
                                        "Ref": "env"
                                    }
                                ]
                            ]
                        } 
                    ]
                },
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "Service": [
                                    "lambda.amazonaws.com"
                                ]
                            },
                            "Action": [
                                "sts:AssumeRole"
                            ]
                        }
                    ]
                }
            }
        },
        "lambdaexecutionpolicy": {
            "DependsOn": ["LambdaExecutionRole"],
            "Type": "AWS::IAM::Policy",
            "Properties": {
                "PolicyName": "lambda-execution-policy",
                "Roles": [{ "Ref": "LambdaExecutionRole" }],
                "PolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Action":["logs:CreateLogGroup",
                            "logs:CreateLogStream",
                            "logs:PutLogEvents"],
                            "Resource": { "Fn::Sub" : [ "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", { "region": {"Ref": "AWS::Region"},  "account": {"Ref": "AWS::AccountId"}, "lambda": {"Ref": "LambdaFunction"}} ]}
                        }
                    ]
                }
            }
        },
        "IoTRuleS3RequestSignedUrl": {
            "Type": "AWS::IoT::TopicRule",
            "Properties": {
                "RuleName": "twinTigerSecurityS3SignedUrlRequests",
                "TopicRulePayload": {
                    "Actions": [
                        {
                            "Lambda": {
                                "FunctionArn": "HOW DO I REFERENCE THIS DYNAMIC ARN?"
                            }
                        }
                    ],
                    "Description": "Get S3 bucket signed URL to upload image directly to S3.",
                    "RuleDisabled": false,
                    "Sql": "SELECT operation, bucket, key, replyTo FROM 'iot/topic'"
                }
            }
        }              
    },
    "Outputs": {
        "Name": {
            "Value": {
                "Ref": "LambdaFunction"
            }
        },
        "Arn": {
            "Value": {"Fn::GetAtt": ["LambdaFunction", "Arn"]}
        },
        "Region": {
            "Value": {
                "Ref": "AWS::Region"
            }
        },
        "LambdaExecutionRole": {
            "Value": {
                "Ref": "LambdaExecutionRole"
            }
        }

    }
}

I could do this in the UI, however that's not ideal long-term nor the intent of configuration by code provided by Amplify/Cloudformation. What's the best way to proceed in referencing the Lambda function from the IoT rule?

You can use the intrinsic function Fn::GetAtt to get the ARN of the resource, as follows:

"Fn::GetAtt": ["LambdaFunction", "Arn"]

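The answer's Fn::GetAtt reference placed into the rule from the question, shown as an added example that is not part of the original post. The AWS::Lambda::Permission resource and its logical ID IoTRuleInvokeLambdaPermission are assumptions not on the page: AWS IoT can only invoke the function if the function's resource policy allows iot.amazonaws.com, and SourceArn plus SourceAccount restrict that grant to this one rule in this account. Both entries go under "Resources" in the full template.

```json
{
    "IoTRuleS3RequestSignedUrl": {
        "Type": "AWS::IoT::TopicRule",
        "Properties": {
            "RuleName": "twinTigerSecurityS3SignedUrlRequests",
            "TopicRulePayload": {
                "Actions": [
                    {
                        "Lambda": {
                            "FunctionArn": { "Fn::GetAtt": ["LambdaFunction", "Arn"] }
                        }
                    }
                ],
                "Description": "Get S3 bucket signed URL to upload image directly to S3.",
                "RuleDisabled": false,
                "Sql": "SELECT operation, bucket, key, replyTo FROM 'iot/topic'"
            }
        }
    },
    "IoTRuleInvokeLambdaPermission": {
        "Type": "AWS::Lambda::Permission",
        "Metadata": {
            "Comment": "Added example; this resource and its logical ID are assumptions, not in the original template."
        },
        "Properties": {
            "Action": "lambda:InvokeFunction",
            "FunctionName": { "Fn::GetAtt": ["LambdaFunction", "Arn"] },
            "Principal": "iot.amazonaws.com",
            "SourceAccount": { "Ref": "AWS::AccountId" },
            "SourceArn": { "Fn::GetAtt": ["IoTRuleS3RequestSignedUrl", "Arn"] }
        }
    }
}
```

Without SourceArn, any IoT rule that can name this function's ARN would be allowed to invoke it, so the permission is scoped to the single rule defined in the same stack.
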