
Could not create an AWS Lambda function using CDK

I am new to CDK and I want to create a simple Lambda function using CDK. cdk synth runs without errors, but when I run cdk deploy --profile myprofile I get this error:

Resource handler returned message: "User: arn:aws:sts::xxxxx:assumed-role/cdk-hnb659fds-cfn-exec-role-xxxx-ap-south-1/AWSCloudFormation is not authorized to perform: lambda:CreateFunction on resource: arn:aws:lambda:ap-south-1:xxxxx:function:ApiLamdaStack-helloLamda938CC02A-jS7q9y9UlOUa because no identity-based policy allows the lambda:CreateFunction action (Service: Lambda, Status Code: 403, Request ID: 61895893-bf12-48bf-a51a-dbcf11fc17d8)" (RequestToken: 0e3ec851-6bd2-9ef3-751c-a3a947a72668, HandlerErrorCode: AccessDenied)

Here is the source code:

bin/api_lamda.ts

#!/usr/bin/env node
import 'source-map-support/register';
import * as cdk from 'aws-cdk-lib';
import { ApiLamdaStack } from '../lib/api_lamda-stack';

const app = new cdk.App();
new ApiLamdaStack(app, 'ApiLamdaStack', {
  env: { account: 'xxx', region: 'yyy' },
});

lib\api_lamda-stack.ts

import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { Code, Function as LamdaFunction, Runtime } from 'aws-cdk-lib/aws-lambda';
import { join } from 'path';
// The stack below refers to iam.Role, iam.ServicePrincipal and iam.ManagedPolicy
import * as iam from 'aws-cdk-lib/aws-iam';


export class ApiLamdaStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    new iam.Role(this, 'example-iam-role', {
      assumedBy: new iam.ServicePrincipal('cloudformation.amazonaws.com'),
      managedPolicies: [
        iam.ManagedPolicy.fromAwsManagedPolicyName(
          'AWSLambda_FullAccess',
        ),
      ],
    });

    const helloLamda = new LamdaFunction(this, 'helloLamda', {
      runtime: Runtime.NODEJS_16_X,
      code: Code.fromAsset(join(__dirname, '..', 'services', 'hello')), 
      handler: 'hello.main'
    })

  
  }
}

cdk.json

{
  "app": "npx ts-node --prefer-ts-exts bin/apiLamda.ts",
  "watch": {
    "include": [
      "**"
    ],
    "exclude": [
      "README.md",
      "cdk*.json",
      "**/*.d.ts",
      "**/*.js",
      "tsconfig.json",
      "package*.json",
      "yarn.lock",
      "node_modules",
      "test"
    ]
  },
  "context": {
    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
    "@aws-cdk/core:stackRelativeExports": true,
    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true,
    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
    "@aws-cdk/core:checkSecretUsage": true,
    "@aws-cdk/aws-iam:minimizePolicies": true,
    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
    "@aws-cdk/core:enablePartitionLiterals": true,
    "@aws-cdk/core:target-partitions": [
      "aws",
      "aws-cn"
    ]
  }
}

I just want to create a Lambda through CDK. Can someone suggest what I should do?

The solution seems to be attaching a role to CloudFormation so that it is able to create the Lambda function. I have changed lib\api_lamda-stack.ts, please take a look.

The problem is not in your CDK code. It says the CDK role cdk-hnb659fds-cfn-exec-role-xxxx-ap-south-1/AWSCloudFormation is not authorized to perform lambda:CreateFunction.

Check your profile's permissions.

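Thanks to gshpychka and Mehmet. There was indeed a problem with cdk bootstrap: I had to completely clear the resources created by the cdktoolkit stack, including S3 and the SSM Parameter Store, which had not been deleted and were getting in the way. A complete cleanup ensured that the bootstrap finished creating, and the deployment then succeeded.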
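
An added example, not part of the original thread and not code from the CDK project: it parses the AccessDenied message quoted in the question to show which principal was denied, then checks sample policy statements against the denied action. The function names, the role-name pattern check and the policy statements are assumptions made for illustration.

```typescript
// Added example. PAGE_ERROR is the message quoted in the question; the policy
// statements are constructed samples, not the asker's real role policy.
const PAGE_ERROR = 'User: arn:aws:sts::xxxxx:assumed-role/cdk-hnb659fds-cfn-exec-role-xxxx-ap-south-1/AWSCloudFormation ' +
  'is not authorized to perform: lambda:CreateFunction on resource: ' +
  'arn:aws:lambda:ap-south-1:xxxxx:function:ApiLamdaStack-helloLamda938CC02A-jS7q9y9UlOUa ' +
  'because no identity-based policy allows the lambda:CreateFunction action';

interface Denial { roleName: string; sessionName: string; action: string; resource: string; isCdkCfnExecRole: boolean; }
interface Statement { Effect: 'Allow' | 'Deny'; Action: string | string[]; Resource: string | string[]; }

// Extract who was denied, which action, and on which resource.
function parseDenial(message: string): Denial | null {
  const m = message.match(/assumed-role\/([^\/\s]+)\/(\S+) is not authorized to perform: (\S+) on resource: (\S+)/);
  if (!m) return null;
  const [, roleName, sessionName, action, resource] = m;
  // Assumption: bootstrap execution roles are named like the one in the message on this page.
  const isCdkCfnExecRole = /^cdk-[a-z0-9]+-cfn-exec-role-/.test(roleName);
  return { roleName, sessionName, action, resource, isCdkCfnExecRole };
}

const asList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

// IAM-style wildcard match: '*' is any run of characters, '?' is exactly one.
function wildcard(pattern: string, value: string, flags = ''): boolean {
  const body = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp(`^${body}$`, flags).test(value);
}

// Simplified identity-policy check: explicit Deny wins, then any Allow, else implicit deny.
// Conditions, NotAction/NotResource, permissions boundaries and SCPs are not modelled.
function allows(statements: Statement[], action: string, resource: string): boolean {
  const hits = statements.filter(s =>
    asList(s.Action).some(a => wildcard(a, action, 'i')) && // action names are case-insensitive
    asList(s.Resource).some(r => wildcard(r, resource)));
  return hits.some(s => s.Effect === 'Allow') && !hits.some(s => s.Effect === 'Deny');
}

// Constructed policies for an execution role: one without Lambda rights, one with them.
const S3_ONLY: Statement[] = [{ Effect: 'Allow', Action: ['s3:*', 'ssm:GetParameter'], Resource: '*' }];
const WITH_LAMBDA: Statement[] = [...S3_ONLY,
  { Effect: 'Allow', Action: 'lambda:Create*', Resource: 'arn:aws:lambda:ap-south-1:*:function:*' }];

const denial = parseDenial(PAGE_ERROR);
if (denial) {
  console.log(denial.isCdkCfnExecRole ? 'Denied principal is a CDK bootstrap execution role:' : 'Denied principal:', denial.roleName);
  console.log('S3-only policy allows it:', allows(S3_ONLY, denial.action, denial.resource));
  console.log('Policy with Lambda rights allows it:', allows(WITH_LAMBDA, denial.action, denial.resource));
}
```

The parsed principal is the role CloudFormation assumed for the deployment, so the policies to inspect are the ones attached to that role.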
