堆栈内存溢出
  简体   繁体   English

如何使用 lambda function 目标为 cloudwatch 事件制作 cloudformation 模板?

[英]How do I make a cloudformation template for a cloudwatch event with a lambda function target?

 原文  2020-07-13 15:09:02       amazon-web-services/ amazon-cloudformation/ amazon-cloudwatch/ amazon-cloudwatch-events

问题描述

Instead of using the aws interface I want to write my cloudwatch event and function as a stack.我不想使用 aws 接口,而是将我的 cloudwatch 事件和 function 作为堆栈编写。 However I am having trouble how to figure out the template of this cloudformation stack.但是我在如何找出这个 cloudformation 堆栈的模板时遇到了麻烦。 The aws guides show examples but I haven't found anything that deals with the syntax of a cloudwatch event, any help? aws 指南显示了示例,但我没有找到任何处理 cloudwatch 事件语法的内容,有什么帮助吗? this is the event and lambda:这是事件和 lambda:

{
  "source": [
    "aws.s3"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "s3.amazonaws.com"
    ],
    "eventName": [
      "CreateBucket"
    ]
  }
}

Lambda: Lambda:

import boto3

s3 = boto3.client('s3')

def lambda_handler(event, context):
    # Get bucket name from the S3 event
    print(event)

    bucket_name = event['detail']['requestParameters']['bucketName']

    # Create a bucket policy
    bucket_policy =json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "MustBeEncryptedAtRest",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": [
                    "arn:aws:s3:::{}".format(bucket_name),
                    "arn:aws:s3:::{}/*".format(bucket_name)
                ],
                "Condition": {
                    "StringNotEquals": {
                        "s3:x-amz-server-side-encryption": [
                            "AES256",
                            "aws:kms"
                        ]
                    }
                }
            },
            {
                "Sid": "MustBeEncryptedInTransit",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::{}".format(bucket_name),
                    "arn:aws:s3:::{}/*".format(bucket_name)
                ],
                "Condition": {
                    "Bool": {
                        "aws:SecureTransport": "false"
                        }
                }
            } ] })


    # Set the new policy
    s3.put_bucket_policy(Bucket=bucket_name, Policy=bucket_policy)

1 个解决方案

解决方案1
 2 已采纳  2020-07-13 15:28:11

Below is an example modified slightly from an example in the aws-events-rule CloudFormation documentation.以下是根据aws-events-rule CloudFormation 文档中的示例稍作修改的示例。

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "LambdaFunction": .......
        "EventRule": {
            "Type": "AWS::Events::Rule",
            "Properties": {
                "Description": "EventRule",
                "EventPattern": {
                    "source": [
                        "aws.s3"
                    ],
                    "detail-type": [
                        "AWS API Call via CloudTrail"
                    ],
                    "detail": {
                        "eventSource": [
                            "s3.amazonaws.com"
                        ],
                        "eventName": [
                            "CreateBucket"
                        ]
                    }
                },
                "State": "ENABLED",
                "Targets": [{
                    "Arn": {
                        "Fn::GetAtt": ["LambdaFunction", "Arn"]
                    },
                    "Id": "TargetFunctionV1"
                }]
            }
        }
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 CloudFormation 模板更新 AWS Lambda function - How do I update AWS Lambda function using CloudFormation template 如何使用 cloudformation 模板创建 cloudwatch 事件? - How to create cloudwatch event using cloudformation template? 如何使用cloudformation模板传递aws-lambda函数名称以生成cloudwatch警报 - How to pass aws-lambda function name to generate a cloudwatch alarm using cloudformation template 我可以在 CloudFormation 模板中创建 CloudWatch 计划事件吗? - Can I create a CloudWatch scheduled event in CloudFormation template? 在 Cloudformation 模板中,如何在 IoT 规则中引用动态生成的 Lambda function ARN? - In a Cloudformation template, how do I reference a dynamically generated Lambda function ARN in an IoT Rule? Cloudwatch 事件没有触发我的 lambda 函数,即使它是一个目标 - Cloudwatch event is not triggering my lambda function, even though it's a target 将参数传递给 AWS Cloudwatch 事件目标 lambda function - Pass parameters to AWS Cloudwatch event target lambda function 使用 Terraform 中的不同输入为 lambda function 创建一个 cloudwatch 事件规则目标 - Create a cloudwatch event rule target to a lambda function with different inputs in Terraform 如何在CloudFormation yaml模板中为CloudWatch的CloudFront设置警报? - How do I setup an alarm for CloudFront from CloudWatch in a CloudFormation yaml template? 如何在 Lambda 函数中获取 CloudWatch 事件名称? - How to get CloudWatch Event name in Lambda function?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM