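Lambda Function in AWS CloudFormation
I am able to create the Lambda function successfully in the Lambda service, but it does not send the mail automatically. After creating the Lambda function, I manually click "Test". How can I do this from CloudFormation?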
IAM role
"LambdaExecutionRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Version": "2012-10-17",
      "Statement": [{ "Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]}, "Action": ["sts:AssumeRole"] }]
    },
    "Path": "/",
    "Policies": [{
      "PolicyName": "root",
      "PolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{ "Effect": "Allow", "Action": ["ses:*"], "Resource": "*" }]
      }
    }]
  }
}
Lambda function
"SendEmailNotification" : {
  "Type": "AWS::Lambda::Function",
  "Properties": {
    "Handler": "index.handler",
    "Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] },
    "Code": {
      "ZipFile": { "Fn::Join": ["", [
        "var response = require('cfn-response');\n",
        "var aws = require('aws-sdk');\n",
        "var ses = new aws.SES({\n",
        "region:'us-east-1'\n",
        "});\n",
        "exports.handler = function(event, context) {\n",
        "console.log('Incoming: ', event);\n",
        "var eParams = {\n",
        "Destination: {\n" ,
        "ToAddresses: ['abc@example.com']\n",
        "},\n",
        "Message: {\n",
        "Body: {\n",
        "Text: {\n",
        {"Fn::Join" : ["",["Data: '", { "Fn::ImportValue" : "Route53DNSName" },"'\n"]]},
        "}\n",
        "},\n",
        "Subject: {\n",
        "Data: 'DNSName'\n",
        "}\n",
        "},\n",
        "Source: 'abc@example.com'\n",
        "};\n",
        "console.log('SENDING EMAIL');\n",
        "var email = ses.sendEmail(eParams, function(err, data){\n",
        "if(err) console.log(err);\n",
        "else {\n",
        "console.log('EMAIL SENT');\n",
        "console.log(data);\n",
        "console.log('EMAIL: ', email);\n",
        "context.succeed(event);\n",
        "}\n",
        "});\n",
        "};"
      ]]}
    },
    "Runtime": "nodejs6.10"
  }
}
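I assume you want the Lambda function to be triggered when the CloudFormation template runs.
The AWS::Lambda::Function resource type only creates the Lambda function; it does not execute it. If you want it to run as part of CloudFormation, you need a Lambda-backed custom resource ( http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources-lambda.html )
Here is an example that runs a Lambda when the CloudFormation stack is created: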
Resources:
  TestFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python2.7
      Handler: index.handler
      Role: !GetAtt TestRole.Arn
      Code:
        ZipFile: !Sub |
          from botocore.vendored import requests
          import json
          def send(event, context, responseStatus, responseData, physicalResourceId):
            responseUrl = event['ResponseURL']
            print responseUrl
            responseBody = {}
            responseBody['Status'] = responseStatus
            responseBody['Reason'] = 'See the details in CloudWatch Log Stream: ' + context.log_stream_name
            responseBody['PhysicalResourceId'] = physicalResourceId or context.log_stream_name
            responseBody['StackId'] = event['StackId']
            responseBody['RequestId'] = event['RequestId']
            responseBody['LogicalResourceId'] = event['LogicalResourceId']
            responseBody['Data'] = responseData
            json_responseBody = json.dumps(responseBody)
            print "Response body:\n" + json_responseBody
            headers = {
              'content-type' : '',
              'content-length' : str(len(json_responseBody))
            }
            try:
              response = requests.put(responseUrl,
                                      data=json_responseBody,
                                      headers=headers)
              print "Status code: " + response.reason
            except Exception as e:
              print "send(..) failed executing requests.put(..): " + str(e)
          def handler(event, context):
            print event
            print context
            responseData = {}
            send(event, context, "SUCCESS", responseData, "CustomResourcePhysicalID")
  TestRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          -
            Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: AllowAccess
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - "logs:*"
                Resource: "arn:aws:logs:*:*:*"
  CustomResourceTest:
    Type: Custom::Demo
    Properties:
      ServiceToken: !GetAtt TestFunction.Arn
As you can see in the CloudWatch logs, this simply runs the function. Adjust as needed to send your email.
You have to take care of the following points:
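An added example (not part of the original answer and not AWS-provided code): a Python 3 handler for the custom resource that sends the mail on Create only and always reports SUCCESS or FAILED to the ResponseURL, so a failed send cannot leave the stack waiting. The helper names handle, put_response and ses_sender and the property names To, Source and DNSName are assumptions; the values would be passed through the custom resource's Properties rather than joined into the function source.

```python
import json
import urllib.request

def put_response(url, body):
    """PUT the result to the pre-signed ResponseURL supplied by CloudFormation."""
    data = json.dumps(body).encode()
    # Empty content-type, as in the answer: the URL is signed without one.
    req = urllib.request.Request(url, data=data, method="PUT", headers={
        "content-type": "", "content-length": str(len(data))})
    urllib.request.urlopen(req, timeout=10)

def handle(event, context, send_email, put=put_response):
    """Send on Create only; always answer CloudFormation, also on error."""
    status, reason = "SUCCESS", ""
    try:
        # Update and Delete must still be answered, but must not re-send mail.
        if event["RequestType"] == "Create":
            send_email(event.get("ResourceProperties", {}))
    except Exception as exc:
        status, reason = "FAILED", str(exc)
    body = {
        "Status": status,
        "Reason": reason or "See CloudWatch log stream " + context.log_stream_name,
        # Reuse the existing id on Update/Delete so the resource is not replaced.
        "PhysicalResourceId": event.get("PhysicalResourceId") or context.log_stream_name,
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": {},
    }
    # The ResponseURL is a pre-signed URL, so it is deliberately not logged.
    put(event["ResponseURL"], body)
    return body

def ses_sender(props):
    """Hypothetical sender; To, Source and DNSName are assumed property names."""
    import boto3  # available in the Lambda Python runtime
    boto3.client("ses", region_name="us-east-1").send_email(
        Source=props["Source"],
        Destination={"ToAddresses": [props["To"]]},
        Message={"Subject": {"Data": "DNSName"},
                 "Body": {"Text": {"Data": props["DNSName"]}}})

def handler(event, context):
    return handle(event, context, ses_sender)
```

With this handler the execution role needs only ses:SendEmail plus the CloudWatch Logs write actions, rather than ses:* and logs:*.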