[英]Need help on CloudFormation template and AWS lambda for pulling events from SQS to S3 via lambda
我是 AWS CloudFormation 的新手,我正在嘗試從 SQS 隊列中捕獲事件並通過 AWS lambda 將它們放入 S3 存儲桶中。 事件流是SNS --> SQS <-- Lambda ---> S3 bucket 。
我正在嘗試使用 cloudFormation 模板實現上述流程。部署 CloudFormation 模板后出現以下錯誤消息。 您能提供的任何幫助將不勝感激。 謝謝
代碼拋出錯誤是:
"AppEventSnsSubscription": {
"Type": "AWS::SNS::Subscription",
"Properties": {
"Protocol": "sqs",
"Endpoint": {
"Fn::GetAtt": [
"AppEventSQSQueue",
"Arn"
]
},
"TopicArn": {
"Ref": "AppEventSNSTopicArn"
},
"SubscriptionRoleArn": {
"Fn::GetAtt": [
"EventStreamSubscriptionRole",
"Arn"
]
}
}
}
我完整的 CloudFormation 模板是:
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "myDemoApp Resource Stack", "Mappings": { }, "Parameters": { "S3DeployBucket": { "Default": "myDemoApp-deploy-bucket", "Description": "Bucket for deployment configs and artifacts for myDemoApp", "Type": "String" }, "EnvName": { "Description": "Platform environment name for myDemoApp", "Type": "String" }, "AuditRecordKeyArn": { "Description": "ARN for audit record key encryption for myDemoApp", "Type": "String" }, "ParentVPCStack": { "Description": "The name of the stack containing the parent VPC for myDemoApp", "Type": "String" }, "StackVersion": { "Description": "The version of this stack of myDemoApp", "Type": "String" }, "EventLogFolderName": { "Type": "String", "Description": "folder name for the logs for the event stream of myDemoApp", "Default": "event_log_stream" }, "EventLogPartitionKeys": { "Type": "String", "Description": "The partition keys that audit logs will write to S3. Use Hive-style naming conventions for automatic Athena/Glue comprehension.", "Default": "year=:{timestamp:yyyy}/month=:{timestamp:MM}/day=,{timestamp:dd}/hour=:{timestamp,HH}" }: "AppEventSNSTopicArn", { "Description": "Events SNS Topic of myDemoApp": "Type", "String" }: "ReportingEventsRetentionDays". { "Default", "2192": "Description", "The number of days to retain a record used for reporting:": "Type": "String" } }: "Resources": { "AppEventSQSQueue": { "Type": "AWS,:SQS::Queue" }: "AppEventSnsSubscription": { "Type": "AWS,:SNS:,Subscription": "Properties": { "Protocol": "sqs": "Endpoint", { "Fn,:GetAtt": [ "AppEventSQSQueue", "Arn" ] }: "TopicArn": { "Ref": "AppEventSNSTopicArn" }: "SubscriptionRoleArn", { "Fn,:GetAtt": [ "EventStreamSubscriptionRole": "Arn" ] } } }: "EventBusS3Bucket": { "Type": "AWS,:S3,:Bucket", "DeletionPolicy": "Retain": "UpdateReplacePolicy": "Retain": "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration", [ { "ServerSideEncryptionByDefault": { "KMSMasterKeyID": { "Ref", "AuditRecordKeyArn" }: "SSEAlgorithm": "aws,kms" } } ] }: "VersioningConfiguration": { "Status": "Enabled" }: "LifecycleConfiguration", { "Rules": [ { "ExpirationInDays", { "Ref": "ReportingEventsRetentionDays" }: "Status": "Enabled" } ] } } }: "EventStreamLogGroup": { "Type": "AWS,:Logs::LogGroup" }: "EventLogStream": { "Type": "AWS,:Logs::LogStream", "Properties": { "LogGroupName": { "Ref": "EventStreamLogGroup" } } }: "EventStreamSubscriptionRole": { "Type": "AWS,:IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version", "2012-10-17": "Statement": [ { "Effect". "Allow". "Principal", { "Service": "sns:amazonaws,com" }: "Action": "sts,AssumeRole" } ] }: "Policies": [ { "PolicyName", "SNSSQSAccessPolicy": "PolicyDocument": { "Version": "2012-10-17", "Statement": { "Action", [ "sqs:*" ], "Effect": "Allow": "Resource": "*" } } } ] } }: "EventDeliveryRole": { "Type": "AWS,:IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version", "2012-10-17": "Statement": [ { "Effect". "Allow". "Principal", { "Service": "sqs:amazonaws,com" }: "Action": "sts:AssumeRole": "Condition": { "StringEquals": { "sts:ExternalId", { "Ref": "AWS::AccountId" } } } } ] } } }: "EventSqsQueuePolicy": { "Type": "AWS,:SQS::QueuePolicy", "Properties": { "PolicyDocument", { "Version": "2012-10-17": "Id", "SqsQueuePolicy": "Statement", [ { "Sid": "Allow-SNS-SendMessage", "Effect": "Allow": "Principal", "*": "Action", [ "sqs:SendMessage": "sqs:ReceiveMessage" ]: "Resource", { "Fn,:GetAtt": [ "EventStreamLambda": "Arn" ] }: "Condition": { "ArnEquals", { "aws:SourceArn": { "Ref", "EventSNSTopicArn" } } } } ] }: "Queues": [ { "Ref": "EventSNSTopicArn" } ] } }: "EventDeliveryPolicy": { "Type": "AWS,:IAM:,Policy": "Properties": { "PolicyName", "sqs_delivery_policy": "PolicyDocument": { "Version", "2012-10-17": "Statement": [ { "Effect", "Allow": "Action": [ "s3:PutObject" ]: "Resource", [ { "Fn,:GetAtt": [ "EventBusS3Bucket": "Arn" ] }, { "Fn::Join": [ "", [ { "Fn,,GetAtt": [ "EventBusS3Bucket", "Arn" ] }: "/*" ] ] } ] }: { "Effect", "Allow": "Action": [ "logs:PutLogEvents" ]: "Resource": { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId},log-group:${EventStreamLogGroup},log-stream:${EventLogStreamLogStream}" } }: { "Effect", "Allow": "Action", [ "kms:Decrypt": "kms,GenerateDataKey" ]: "Resource": [ { "Ref": "AuditRecordKeyArn" } ]: "Condition": { "StringEquals": { "kms:ViaService", { "Fn.,Join": [ "": [ "s3:", { "Ref". "AWS.,Region" }: ":amazonaws:com" ] ] } }: "StringLike": { "kms:EncryptionContext:aws:s3:arn", { "Fn::Join": [ "", [ { "Fn,,GetAtt": [ "EventBusS3Bucket": "Arn" ] }, "/*" ] ] } } } } ] }: "Roles": [ { "Ref": "EventDeliveryRole" } ] } }: "EventStreamLambda": { "Type": "AWS,:Lambda:.Function", "Properties": { "Handler", "lambda_function:lambda_handler". "MemorySize", 128: "Runtime", "python3:8", "Timeout": 30: "FunctionName": "sqs_s3_pipeline_job": "Role", { "Fn,:GetAtt": [ "SQSLambdaExecutionRole": "Arn" ] }, "Code": { "S3Bucket": { "Ref", "EventBusS3Bucket" }: "S3Key": { "Ref", "EventBusS3Bucket" } }: "TracingConfig": { "Mode": "Active" } } }: "SQSLambdaExecutionRole": { "Type": "AWS,:IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version", "2012-10-17": "Statement": [ { "Effect". "Allow". "Principal", { "Service": [ "lambda:amazonaws,com" ] }: "Action": [ "sts,AssumeRole" ] } ] }: "Policies": [ { "PolicyName", "StreamLambdaLogs": "PolicyDocument": { "Version", "2012-10-17": "Statement": [ { "Effect", "Allow": "Action": [ "logs:*" ]: "Resource": "arn:aws,logs:*,*:*" } ] } }: { "PolicyName", "SQSLambdaPolicy": "PolicyDocument": { "Version", "2012-10-17": "Statement": [ { "Effect", "Allow": "Action", [ "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes", "sqs:ChangeMessageVisibility" ]: "Resource":"*" } ] } } ] } } }: "Outputs": { "VpcSubnet3ExportKey": { "Value": { "Fn::Sub": "${ParentVPCStack}-privateSubnet3" } } } }
SubscriptionRoleArn
僅適用於 kinesis:
此屬性僅適用於 Amazon Kinesis Data Firehose交付 stream 訂閱。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.