Terraform lambda function validation exception

I am trying to set up my current infrastructure in Terraform (v 0.13.0). I am simply starting with migrating existing lambda functions. I have used the following code to try to upload an existing lambda function in .net core 3.1 to AWS (provider v. 3.0). I have no issue deploying this manually but this is obviously not the goal.

Here is the IAM role:

resource "aws_iam_role" "role_lambda" {
  name = "roleLambda"

  assume_role_policy = <<POLICY
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Principal": {
          "Service": "lambda.amazonaws.com"
        },
        "Effect": "Allow",
        "Sid": ""
      }
    ]
  }
  POLICY
  }

Below is the function (note I have obfuscated some values):

resource "aws_lambda_function" "lambda_tf" {
  function_name     = "LambdaTFTest"
  role              = aws_iam_role.role_lambda.arn
  handler           = "Lambda::Lambda.Function::FunctionHandler"
  runtime           = "dotnetcore3.1"
  s3_bucket         = "arn:aws:s3:::xxxx-xxxxxx"
  s3_key            = "Lambda.zip"
  s3_object_version = "XxXxXxXxXxXxXxXxXxXxXxXxXxXx"
}

However I keep getting this error as an output with no more details:

Error: Error creating Lambda function: ValidationException: 
        status code: 400, request id: a5e89c38-d1f1-456d-93c1-41650fb45386

I already made sure that my lambda is deployed within the same region as the s3 bucket itself so this is not the issue. I thought this could be related to some invalid parameters but I have played with all of them and can't manage to find the problem. I have also double checked the correct spelling of the key, version and so on. How can I make progress on this?

Thanks in advance for your help.

This issue is caused by low values of timeout or using role name instead of role ARN. I changed from:

role = aws_iam_role.lambda_role.name

to

role = aws_iam_role.lambda_role.arn

And the function deployment was successful.

The aws_iam_role has a syntax error. There is a missing - in front of POLICY if you want to keep it tabbed:

resource "aws_iam_role" "role_lambda" {
  name = "roleLambda"

  assume_role_policy = <<-POLICY
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Principal": {
          "Service": "lambda.amazonaws.com"
        },
        "Effect": "Allow",
        "Sid": ""
      }
    ]
  }
  POLICY
}

In aws_lambda_function, the s3_bucket should be just the bucket name, not its ARN:

resource "aws_lambda_function" "lambda_tf" {
  function_name     = "LambdaTFTest"
  role              = aws_iam_role.role_lambda.arn
  handler           = "Lambda::Lambda.Function::FunctionHandler"
  runtime           = "dotnetcore3.1"
  s3_bucket         = "xxxx-xxxxxx" 
  s3_key            = "Lambda.zip"
  s3_object_version = "XxXxXxXxXxXxXxXxXxXxXxXxXxXx"
}

In my case it was the name of the lambda function. I was using spacing and it's not allowed.

This comes down to one of the parameters being passed in being invalid.

Ensure that the Lambda name is unique, the S3 bucket and key exist and that the IAM role has the assume role policy when it's attached.

The runtime is correct, everything else is user defined so would need you to validate.

Try using the filename property instead of S3 (this will use local disk instead of S3). Does that work? If so it might be S3 permissions.

If you verify everything and it's still not working, the best suggestion would be to raise it with AWS support, providing the request ID.

For those who might have run into the same issue, it might help to try formatting your main.tf file by converting all spaces to tabs.

If you're using vscode, there is a tab below to convert this, depending on whether it is spaces or tabs.

Convert Indentation to Tabs.

This fixed the issue for me.

It could really be any of the parameters you pass to the lambda resource. In my case I said the timeout was "900000" instead of 900. I assumed it to be in ms for some reason.

I actually got the same error when using a docker image. The fix here is to set the package_type = "Image"

The s3_bucket should only include the name, like xxxx-xxxxxx

The following formats are wrong:

arn:aws:s3:::xxxx-xxxxxx or s3://xxxx-xxxxxx

For me it was the lambda description being too long.

There is a bug with allocating memory more than 4096 so if you copy the example from the terraform docs it will fail. This does not happen on all AWS accounts but on some.
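
The answers above each trace the empty ValidationException to a single rejected argument. The following is an added example, not part of the question or of any answer on this page: a Python pre-flight check that flags those arguments before `terraform apply`. The function name `check_lambda_args` and the sample values are hypothetical; the limits are assumed from the Lambda CreateFunction API reference and current S3 bucket naming rules.

```python
import re

# Limits follow the Lambda CreateFunction API reference and current S3
# bucket naming rules (assumption: no legacy-style bucket names).
FUNC_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
ROLE_ARN = re.compile(r"^arn:aws[a-zA-Z-]*:iam::\d{12}:role/.+$")
BUCKET_NAME = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
MAX_TIMEOUT_S = 900
MAX_DESCRIPTION = 256


def check_lambda_args(args):
    """Return (argument, problem) pairs for values the API would reject."""
    problems = []
    if not FUNC_NAME.match(args.get("function_name", "")):
        problems.append(("function_name", "letters, digits, '-' and '_' only, max 64"))
    if not ROLE_ARN.match(args.get("role", "")):
        problems.append(("role", "must be the role ARN, not the role name"))
    if "s3_bucket" in args and not BUCKET_NAME.match(args["s3_bucket"]):
        problems.append(("s3_bucket", "bare bucket name, no arn: or s3:// prefix"))
    # Terraform's default timeout is 3; the unit is seconds, not milliseconds.
    if not 1 <= int(args.get("timeout", 3)) <= MAX_TIMEOUT_S:
        problems.append(("timeout", "seconds, between 1 and 900"))
    if len(args.get("description", "")) > MAX_DESCRIPTION:
        problems.append(("description", "at most 256 characters"))
    if "image_uri" in args and args.get("package_type", "Zip") != "Image":
        problems.append(("package_type", 'must be "Image" when image_uri is set'))
    return problems


# Constructed sample combining the mistakes reported in the answers.
BAD = {
    "function_name": "Lambda TF Test",
    "role": "roleLambda",
    "s3_bucket": "arn:aws:s3:::xxxx-xxxxxx",
    "timeout": "900000",
    "description": "x" * 300,
}
# Constructed sample with the corrected values (placeholder account id).
GOOD = {
    "function_name": "LambdaTFTest",
    "role": "arn:aws:iam::123456789012:role/roleLambda",
    "s3_bucket": "xxxx-xxxxxx",
    "timeout": 900,
}

if __name__ == "__main__":
    for arg, why in check_lambda_args(BAD):
        print(f"{arg}: {why}")
```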
