
AWS Lambda invoke from Codepipeline permission denied error

I've set my pipeline to invoke an AWS Lambda function. After running for 30 mins it shows the error

The AWS Lambda function cloudfront-invalidation failed to return a result. Check the function to verify that it has permission to call the PutJobSuccessResult action and that it made a call to PutJobSuccessResult.

Lambda Role has Permissions to set PutJobSuccessResult and Codepipeline Service role has permission to invoke lambda functions.

Here is my lambda code:

import boto3
import time

def lambda_handler(context, event):  # parameters reversed: Lambda passes (event, context), so event[...] below indexes the context object

    sts_connection = boto3.client('sts')
    acct_b = sts_connection.assume_role(
        RoleArn="arn:aws:iam::1234567890:role/AssumeRole",
        RoleSessionName="cross_acct_lambda"
    )
    
    ACCESS_KEY = acct_b['Credentials']['AccessKeyId']
    SECRET_KEY = acct_b['Credentials']['SecretAccessKey']
    SESSION_TOKEN = acct_b['Credentials']['SessionToken']

    client = boto3.client(
        'cloudfront',
        aws_access_key_id=ACCESS_KEY,
        aws_secret_access_key=SECRET_KEY,
        aws_session_token=SESSION_TOKEN,
    )
    
    response = client.create_invalidation(
        DistributionId='ABC',
        InvalidationBatch={
            'Paths': {
                'Quantity': 1,
                'Items': [
                    '/*',
                ]
            },
            'CallerReference': str(time.time()).replace(".", "")
        }
    )
    invalidation_id = response['Invalidation']['Id']
    
    print("Invalidation created successfully with Id: " + invalidation_id)
    
    pipeline = boto3.client('codepipeline')
    
    response = pipeline.put_job_success_result(
        jobId= event['CodePipeline.job']['id'] 
    )
    return response

Issue resolved. Updated lambda below:

import boto3
import time
import json
import logging

def lambda_handler(event, context):

    sts_connection = boto3.client('sts')
    acct_b = sts_connection.assume_role(
        RoleArn="arn:aws:iam::123456789:role/CloudfrontAssumeRole",
        RoleSessionName="cross_acct_lambda"
    )
    
    ACCESS_KEY = acct_b['Credentials']['AccessKeyId']
    SECRET_KEY = acct_b['Credentials']['SecretAccessKey']
    SESSION_TOKEN = acct_b['Credentials']['SessionToken']

    client = boto3.client(
        'cloudfront',
        aws_access_key_id=ACCESS_KEY,
        aws_secret_access_key=SECRET_KEY,
        aws_session_token=SESSION_TOKEN,
    )
    
    response = client.create_invalidation(
        DistributionId='ABCD',
        InvalidationBatch={
            'Paths': {
                'Quantity': 1,
                'Items': [
                    '/*',
                ]
            },
            'CallerReference': str(time.time()).replace(".", "")
        }
    )
    invalidation_id = response['Invalidation']['Id']
    
    print("Invalidation created successfully with Id: " + invalidation_id)
    
    logger = logging.getLogger()
    logger.setLevel(logging.INFO)
    logger.debug(json.dumps(event))
 
    codepipeline = boto3.client('codepipeline')
    job_id = event['CodePipeline.job']['id']
 
    try:
        logger.info('Success!')
        response = codepipeline.put_job_success_result(jobId=job_id)
        logger.debug(response)
    except Exception as error:
        logger.exception(error)
        response = codepipeline.put_job_failure_result(
            jobId=job_id,
            failureDetails={
              'type': 'JobFailed',
              'message': f'{error.__class__.__name__}: {str(error)}'
            }
        )
        logger.debug(response)
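The failure mode in the question is worth making explicit: a Lambda invoke action only completes when the function calls PutJobSuccessResult or PutJobFailureResult for that job ID. If the function raises before either call (for example because the handler parameters are reversed and event['CodePipeline.job'] is evaluated on the context object), CodePipeline keeps waiting until the action times out and then reports exactly the "failed to return a result" message quoted above. The updated code in the answer only wraps the success call in its try block, so an AssumeRole or CreateInvalidation error would still leave the job hanging. The following is an added example, not the poster's code: it puts all of the work inside one try so every outcome is reported, keeps the (event, context) order, and separates the AWS-facing helpers from the core logic so that logic can be exercised offline. The role ARN, distribution ID, sample job event and the two fake clients are constructed placeholders. For the real deployment the Lambda execution role needs codepipeline:PutJobSuccessResult, codepipeline:PutJobFailureResult and sts:AssumeRole on the target role, and the assumed role needs cloudfront:CreateInvalidation on the distribution.

```python
import logging
import time

logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)

# Assumed placeholders; substitute the real cross-account role ARN and distribution ID.
ASSUME_ROLE_ARN = "arn:aws:iam::123456789012:role/CloudfrontAssumeRole"
DISTRIBUTION_ID = "ABCD"
FAILURE_MESSAGE_MAX = 5000  # length limit of CodePipeline's FailureDetails.message


def cloudfront_client_for_role(role_arn, session_name="cross_acct_lambda"):
    """Assume the cross-account role and build a CloudFront client from its temporary credentials.
    boto3 is imported here rather than at module top so run_job() can be exercised without AWS."""
    import boto3
    creds = boto3.client("sts").assume_role(
        RoleArn=role_arn, RoleSessionName=session_name
    )["Credentials"]
    return boto3.client(
        "cloudfront",
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )


def invalidate_all(cloudfront, distribution_id):
    """Invalidate every path on the distribution and return the invalidation ID."""
    response = cloudfront.create_invalidation(
        DistributionId=distribution_id,
        InvalidationBatch={
            "Paths": {"Quantity": 1, "Items": ["/*"]},
            # CallerReference must be unique per request; nanosecond time is sufficient here.
            "CallerReference": str(time.time_ns()),
        },
    )
    return response["Invalidation"]["Id"]


def run_job(event, cloudfront_factory, codepipeline, distribution_id=DISTRIBUTION_ID):
    """Do the work and always report a result for the job, success or failure.
    Everything that can raise (AssumeRole, CreateInvalidation, the success call itself)
    is inside the try, so no exception can leave CodePipeline waiting for a result."""
    job_id = event["CodePipeline.job"]["id"]
    try:
        invalidation_id = invalidate_all(cloudfront_factory(), distribution_id)
        logger.info("invalidation %s created for job %s", invalidation_id, job_id)
        codepipeline.put_job_success_result(jobId=job_id)
        return {"status": "succeeded", "jobId": job_id, "invalidationId": invalidation_id}
    except Exception as error:  # report anything at all back to the pipeline
        logger.exception("job %s failed", job_id)
        message = f"{error.__class__.__name__}: {error}"[:FAILURE_MESSAGE_MAX]
        codepipeline.put_job_failure_result(
            jobId=job_id, failureDetails={"type": "JobFailed", "message": message}
        )
        return {"status": "failed", "jobId": job_id, "error": message}


def lambda_handler(event, context):
    """Lambda entry point. The order is (event, context); reversing it makes
    event['CodePipeline.job'] fail, which is the bug in the question's first version."""
    import boto3
    return run_job(
        event, lambda: cloudfront_client_for_role(ASSUME_ROLE_ARN), boto3.client("codepipeline")
    )


# ---- offline check with constructed fakes (no AWS calls are made) ----

# Constructed sample of the event CodePipeline delivers to a Lambda invoke action.
SAMPLE_EVENT = {
    "CodePipeline.job": {"id": "11111111-2222-3333-4444-555555555555", "accountId": "123456789012"}
}


class FakeCloudFront:
    """Stand-in for the CloudFront client; optionally fails like a denied CreateInvalidation."""
    def __init__(self, fail=False):
        self.fail = fail

    def create_invalidation(self, **kwargs):
        if self.fail:  # constructed error text, modelled on an IAM deny
            raise PermissionError("AccessDenied: not authorized to perform cloudfront:CreateInvalidation")
        return {"Invalidation": {"Id": "I2J0K3L4M5N6O7"}}


class FakeCodePipeline:
    """Records which result call the handler made so it can be asserted on."""
    def __init__(self):
        self.calls = []

    def put_job_success_result(self, **kwargs):
        self.calls.append(("success", kwargs))

    def put_job_failure_result(self, **kwargs):
        self.calls.append(("failure", kwargs))


def simulate(invalidation_fails):
    """Run the job logic against the fakes; returns (handler result, recorded pipeline calls)."""
    pipeline = FakeCodePipeline()
    result = run_job(SAMPLE_EVENT, lambda: FakeCloudFront(fail=invalidation_fails), pipeline)
    return result, pipeline.calls


if __name__ == "__main__":
    print(simulate(False))
    print(simulate(True))
```

Running the module shows both paths: with a working CloudFront client the pipeline receives a PutJobSuccessResult for the job ID from the event; with a denied invalidation it receives a PutJobFailureResult carrying the exception text, so the action fails immediately with a readable reason instead of sitting until the timeout.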

Notice: the technical posts on this site are licensed under CC BY-SA 4.0; if you republish, cite this site or the original source.

© 2020-2024 STACKOOM.COM