
需要有關 CloudFormation 模板和 AWS lambda 的幫助,以便通過 lambda 將事件從 SQS 拉到 S3

[英]Need help on CloudFormation template and AWS lambda for pulling events from SQS to S3 via lambda

我是 AWS CloudFormation 的新手,我正在嘗試從 SQS 隊列中捕獲事件並通過 AWS lambda 將它們放入 S3 存儲桶中。 事件流是SNS --> SQS <-- Lambda ---> S3 bucket

我正在嘗試使用 CloudFormation 模板實現上述流程。部署 CloudFormation 模板後出現以下錯誤消息。 您能提供的任何幫助將不勝感激。 謝謝

  • 18:07:51 2022-01-13 00:07:49,655 - 信息 -...
  • 18:08:59 2022-01-13 00:08:49,883 - 錯誤 - 堆棧 myDemoApp 顯示回滾狀態 ROLLBACK_IN_PROGRESS。
  • 18:08:59 2022-01-13 00:08:50,011 - 信息 - 在 myDemoApp 堆棧中找到以下根本原因失敗事件,對應資源為 AppEventSnsSubscription
  • 18:08:59 2022-01-13 00:08:50,011 - 信息 - 無效參數:Attributes,原因:sqs 交付協議不支持訂閱角色 ARN(SubscriptionRoleArn)(服務:AmazonSNS;狀態代碼:400;錯誤代碼:InvalidParameter;請求 ID:10dcb2f0-5cb5-5537-8699-e8a9330af586;代理:null)
  • 18:08:59 2022-01-13 00:08:50,011 - 信息 -...

引發錯誤的模板片段是:

  "AppEventSnsSubscription": {
  "Type": "AWS::SNS::Subscription",
  "Properties": {
    "Protocol": "sqs",
    "Endpoint": {
      "Fn::GetAtt": [
        "AppEventSQSQueue",
        "Arn"
      ]
    },
    "TopicArn": {
      "Ref": "AppEventSNSTopicArn"
    },
    "SubscriptionRoleArn": {
      "Fn::GetAtt": [
        "EventStreamSubscriptionRole",
        "Arn"
      ]
    }
  }
}

我完整的 CloudFormation 模板是:

 { "AWSTemplateFormatVersion": "2010-09-09", "Description": "myDemoApp Resource Stack", "Mappings": { }, "Parameters": { "S3DeployBucket": { "Default": "myDemoApp-deploy-bucket", "Description": "Bucket for deployment configs and artifacts for myDemoApp", "Type": "String" }, "EnvName": { "Description": "Platform environment name for myDemoApp", "Type": "String" }, "AuditRecordKeyArn": { "Description": "ARN for audit record key encryption for myDemoApp", "Type": "String" }, "ParentVPCStack": { "Description": "The name of the stack containing the parent VPC for myDemoApp", "Type": "String" }, "StackVersion": { "Description": "The version of this stack of myDemoApp", "Type": "String" }, "EventLogFolderName": { "Type": "String", "Description": "folder name for the logs for the event stream of myDemoApp", "Default": "event_log_stream" }, "EventLogPartitionKeys": { "Type": "String", "Description": "The partition keys that audit logs will write to S3. Use Hive-style naming conventions for automatic Athena/Glue comprehension.", "Default": "year=:{timestamp:yyyy}/month=:{timestamp:MM}/day=,{timestamp:dd}/hour=:{timestamp,HH}" }: "AppEventSNSTopicArn", { "Description": "Events SNS Topic of myDemoApp": "Type", "String" }: "ReportingEventsRetentionDays". 
{ "Default", "2192": "Description", "The number of days to retain a record used for reporting:": "Type": "String" } }: "Resources": { "AppEventSQSQueue": { "Type": "AWS,:SQS::Queue" }: "AppEventSnsSubscription": { "Type": "AWS,:SNS:,Subscription": "Properties": { "Protocol": "sqs": "Endpoint", { "Fn,:GetAtt": [ "AppEventSQSQueue", "Arn" ] }: "TopicArn": { "Ref": "AppEventSNSTopicArn" }: "SubscriptionRoleArn", { "Fn,:GetAtt": [ "EventStreamSubscriptionRole": "Arn" ] } } }: "EventBusS3Bucket": { "Type": "AWS,:S3,:Bucket", "DeletionPolicy": "Retain": "UpdateReplacePolicy": "Retain": "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration", [ { "ServerSideEncryptionByDefault": { "KMSMasterKeyID": { "Ref", "AuditRecordKeyArn" }: "SSEAlgorithm": "aws,kms" } } ] }: "VersioningConfiguration": { "Status": "Enabled" }: "LifecycleConfiguration", { "Rules": [ { "ExpirationInDays", { "Ref": "ReportingEventsRetentionDays" }: "Status": "Enabled" } ] } } }: "EventStreamLogGroup": { "Type": "AWS,:Logs::LogGroup" }: "EventLogStream": { "Type": "AWS,:Logs::LogStream", "Properties": { "LogGroupName": { "Ref": "EventStreamLogGroup" } } }: "EventStreamSubscriptionRole": { "Type": "AWS,:IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version", "2012-10-17": "Statement": [ { "Effect". "Allow". "Principal", { "Service": "sns:amazonaws,com" }: "Action": "sts,AssumeRole" } ] }: "Policies": [ { "PolicyName", "SNSSQSAccessPolicy": "PolicyDocument": { "Version": "2012-10-17", "Statement": { "Action", [ "sqs:*" ], "Effect": "Allow": "Resource": "*" } } } ] } }: "EventDeliveryRole": { "Type": "AWS,:IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version", "2012-10-17": "Statement": [ { "Effect". "Allow". 
"Principal", { "Service": "sqs:amazonaws,com" }: "Action": "sts:AssumeRole": "Condition": { "StringEquals": { "sts:ExternalId", { "Ref": "AWS::AccountId" } } } } ] } } }: "EventSqsQueuePolicy": { "Type": "AWS,:SQS::QueuePolicy", "Properties": { "PolicyDocument", { "Version": "2012-10-17": "Id", "SqsQueuePolicy": "Statement", [ { "Sid": "Allow-SNS-SendMessage", "Effect": "Allow": "Principal", "*": "Action", [ "sqs:SendMessage": "sqs:ReceiveMessage" ]: "Resource", { "Fn,:GetAtt": [ "EventStreamLambda": "Arn" ] }: "Condition": { "ArnEquals", { "aws:SourceArn": { "Ref", "EventSNSTopicArn" } } } } ] }: "Queues": [ { "Ref": "EventSNSTopicArn" } ] } }: "EventDeliveryPolicy": { "Type": "AWS,:IAM:,Policy": "Properties": { "PolicyName", "sqs_delivery_policy": "PolicyDocument": { "Version", "2012-10-17": "Statement": [ { "Effect", "Allow": "Action": [ "s3:PutObject" ]: "Resource", [ { "Fn,:GetAtt": [ "EventBusS3Bucket": "Arn" ] }, { "Fn::Join": [ "", [ { "Fn,,GetAtt": [ "EventBusS3Bucket", "Arn" ] }: "/*" ] ] } ] }: { "Effect", "Allow": "Action": [ "logs:PutLogEvents" ]: "Resource": { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId},log-group:${EventStreamLogGroup},log-stream:${EventLogStreamLogStream}" } }: { "Effect", "Allow": "Action", [ "kms:Decrypt": "kms,GenerateDataKey" ]: "Resource": [ { "Ref": "AuditRecordKeyArn" } ]: "Condition": { "StringEquals": { "kms:ViaService", { "Fn.,Join": [ "": [ "s3:", { "Ref". "AWS.,Region" }: ":amazonaws:com" ] ] } }: "StringLike": { "kms:EncryptionContext:aws:s3:arn", { "Fn::Join": [ "", [ { "Fn,,GetAtt": [ "EventBusS3Bucket": "Arn" ] }, "/*" ] ] } } } } ] }: "Roles": [ { "Ref": "EventDeliveryRole" } ] } }: "EventStreamLambda": { "Type": "AWS,:Lambda:.Function", "Properties": { "Handler", "lambda_function:lambda_handler". 
"MemorySize", 128: "Runtime", "python3:8", "Timeout": 30: "FunctionName": "sqs_s3_pipeline_job": "Role", { "Fn,:GetAtt": [ "SQSLambdaExecutionRole": "Arn" ] }, "Code": { "S3Bucket": { "Ref", "EventBusS3Bucket" }: "S3Key": { "Ref", "EventBusS3Bucket" } }: "TracingConfig": { "Mode": "Active" } } }: "SQSLambdaExecutionRole": { "Type": "AWS,:IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version", "2012-10-17": "Statement": [ { "Effect". "Allow". "Principal", { "Service": [ "lambda:amazonaws,com" ] }: "Action": [ "sts,AssumeRole" ] } ] }: "Policies": [ { "PolicyName", "StreamLambdaLogs": "PolicyDocument": { "Version", "2012-10-17": "Statement": [ { "Effect", "Allow": "Action": [ "logs:*" ]: "Resource": "arn:aws,logs:*,*:*" } ] } }: { "PolicyName", "SQSLambdaPolicy": "PolicyDocument": { "Version", "2012-10-17": "Statement": [ { "Effect", "Allow": "Action", [ "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes", "sqs:ChangeMessageVisibility" ]: "Resource":"*" } ] } } ] } } }: "Outputs": { "VpcSubnet3ExportKey": { "Value": { "Fn::Sub": "${ParentVPCStack}-privateSubnet3" } } } }

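SubscriptionRoleArn 只適用於 Kinesis Data Firehose:

此屬性僅適用於 Amazon Kinesis Data Firehose 交付流(delivery stream)訂閱。

對於 Protocol 為 sqs 的訂閱,應從 AppEventSnsSubscription 中移除 SubscriptionRoleArn。SNS 向隊列投遞消息的權限不是通過 IAM 角色授予的,而是通過隊列上的資源策略(AWS::SQS::QueuePolicy)授予:Principal 設為 sns.amazonaws.com,Action 只需 sqs:SendMessage,Resource 為隊列的 ARN,並用 aws:SourceArn 條件限定為該 SNS 主題的 ARN。

按此檢查模板中現有的 EventSqsQueuePolicy:它使用 Principal "*",把 Resource 指向 Lambda 函數的 ARN 而不是隊列的 ARN,並且在 Condition 和 Queues 中引用了未聲明的 EventSNSTopicArn(已聲明的參數名是 AppEventSNSTopicArn,而 Queues 應填隊列的 URL,即對 AppEventSQSQueue 的 Ref)。移除 SubscriptionRoleArn 之後,這些問題仍需一併修正,否則消息無法投遞,或者隊列策略會比需要的更寬鬆。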

