AWS Organizations Create Account automation: Node.js Lambdas do not create the account. No error message and no error logs in CloudWatch. How



I am using an AWS Node.js Lambda to automate the Create Account process in AWS Organizations, and I deploy the lambda with the Serverless framework.

Here is the Serverless.yml:

functions:
  fnPostOrganizations:
    name: fnPostOrganizations
    handler: src/Organizations/fnPostOrganizations.fnPostOrganizations
    events:
      - http:
          path: /organizations/create_account
          method: POST
          request:
            parameters:
              querystrings:
                name: true
                token: false
                orgUnit: true
    memorySize: 256
    timeout: 900
    logRetentionInDays: 1
    iamRoleStatementsName: fnPostOrganizations-${self:provider.stage}
    iamRoleStatements:
      - Effect: 'Allow'
        Action:
          - 'organizations:*'
        Resource: '*'

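The querystrings parameters are not important at the moment. One possible problem here is the iamRoleStatements, which allow the Lambda to create accounts in the organization. But if that were the case, I should get an error log saying not authorized or something similar. That does not happen.

Here is the actual code that should create the organization account, using NodeJs-16x and SDK V3: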

'use strict'
const { OrganizationsClient, CreateAccountCommand } = require("@aws-sdk/client-organizations")
const client = new OrganizationsClient({ region: "us-east-1" });
console.log('🚀 client', client)

const postOrganizationsCreateAccount = async () => {
  try {
    console.log('🚀 START postOrganizationsCreateAccount')
    const params = {
      AccountName: 'testIg',
      Email: `awsTestIg@test.com`,
      IamUserAccessToBilling: 'DENY'
    }
    console.log('🚀 params', params)
    const command = new CreateAccountCommand(params)
    console.log('🚀 command', command)
    const createAccountResponse = await client.send(command)
    console.log('🚀 createAccountResponse', createAccountResponse)

    return createAccountResponse
  } catch (error) {
    console.log('🚀 postOrganizationsCreateAccount - error.stack:', error.stack)
    return error.stack
  }
}

I am following the Organizations Client - AWS SDK for JavaScript v3 documentation in order to create the account.

Here is the output in the CloudWatch logs:

2022-10-16T17:14:50.989Z    undefined   INFO    🚀 client OrganizationsClient {
middlewareStack: {
add: [Function: add],
addRelativeTo: [Function: addRelativeTo],
clone: [Function: clone],
use: [Function: use],
remove: [Function: remove],
removeByTag: [Function: removeByTag],
concat: [Function: concat],
applyToStack: [Function: cloneTo],
identify: [Function: identify],
resolve: [Function: resolve]
},
config: {
apiVersion: '2016-11-28',
disableHostPrefix: false,
logger: {},
regionInfoProvider: [AsyncFunction: defaultRegionInfoProvider],
serviceId: 'Organizations',
urlParser: [Function: parseUrl],
region: [AsyncFunction: region],
runtime: 'node',
defaultsMode: [AsyncFunction (anonymous)],
base64Decoder: [Function: fromBase64],
base64Encoder: [Function: toBase64],
bodyLengthChecker: [Function: calculateBodyLength],
credentialDefaultProvider: [Function (anonymous)],
defaultUserAgentProvider: [AsyncFunction (anonymous)],
maxAttempts: [AsyncFunction (anonymous)],
requestHandler: NodeHttpHandler { metadata: [Object], configProvider: [Promise] },
retryMode: [AsyncFunction (anonymous)],
sha256: [Function: bound Hash],
streamCollector: [Function: streamCollector],
useDualstackEndpoint: [AsyncFunction (anonymous)],
useFipsEndpoint: [AsyncFunction: useFipsEndpoint],
utf8Decoder: [Function: fromUtf8],
utf8Encoder: [Function: toUtf8],
tls: true,
endpoint: [Function (anonymous)],
isCustomEndpoint: false,
retryStrategy: [AsyncFunction: retryStrategy],
systemClockOffset: 0,
signingEscapePath: true,
credentials: [AsyncFunction (anonymous)],
signer: [Function: signer],
customUserAgent: undefined
}
}
2022-10-16T17:14:50.995Z    91b515e5-aa3c-4eb1-a6ba-7d12fd0beef5    INFO    🚀 START postOrganizationsCreateAccount
2022-10-16T17:14:50.995Z    91b515e5-aa3c-4eb1-a6ba-7d12fd0beef5    INFO    🚀 params {
AccountName: 'testIg',
Email: 'awsTestIg@test.com',
IamUserAccessToBilling: 'DENY'
}
2022-10-16T17:14:50.996Z    91b515e5-aa3c-4eb1-a6ba-7d12fd0beef5    INFO    🚀 command CreateAccountCommand {
middlewareStack: {
add: [Function: add],
addRelativeTo: [Function: addRelativeTo],
clone: [Function: clone],
use: [Function: use],
remove: [Function: remove],
removeByTag: [Function: removeByTag],
concat: [Function: concat],
applyToStack: [Function: cloneTo],
identify: [Function: identify],
resolve: [Function: resolve]
},
input: {
AccountName: 'testIg',
Email: 'awsTestIg@test.com',
IamUserAccessToBilling: 'DENY'
}
}
END RequestId: 91b515e5-aa3c-4eb1-a6ba-7d12fd0beef5
REPORT RequestId: 91b515e5-aa3c-4eb1-a6ba-7d12fd0beef5  Duration: 145.74 ms Billed Duration: 146 ms Memory Size: 256 MB Max Memory Used: 82 MB  Init Duration: 414.12 ms    

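Everything seems to go fine until the moment it sends the command, await client.send(command). After that I get no more log output. No error either.

If I run the same process with the AWS CLI, I get the following result:

Command: aws organizations create-account --email testIgn@example.com --account-name "testIgName" --iam-user-access-to-billing "DENY"

Output: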

{
  "CreateAccountStatus": {
    "Id": "car-b4be21e04bfwert6wdgf",
    "AccountName": "testIgName",
    "State": "IN_PROGRESS",
    "RequestedTimestamp": "2022-10-14T15:59:26.737000-04:00"
  }
}

And the account is created in the organization.

The CreateAccountCommand documentation says:

Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account...

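But even though it is an asynchronous process, according to this documentation I should get a CreateAccountResponse.

At this point I do not know what is happening or how to solve this. Any idea?

Export the Lambda handler function as async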

// ...your code above
exports.handler = async function(event) {
  try {
    const createAccountResponse = await postOrganizationsCreateAccount(event);
    return {
      statusCode: 200,
      body: 'Account created'
    };
  } catch (error) {
    return {
      statusCode: 500,
      body: error.message
    };
  }
}
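
An added example, not part of the original question or answer: a self-contained model of why an async handler that does not await the SDK call logs nothing after the command is built, next to a handler that awaits it and reports the IN_PROGRESS state. The names fakeClient, deniedClient, buggyHandler, fixedHandler and invoke are hypothetical, the asker's real handler is not shown on the page so the missing await is an assumption, and the response Id is a constructed placeholder.

```javascript
// Constructed stand-ins for OrganizationsClient.send(); no AWS call is made.
// The response shape follows the CLI output above; the Id is a placeholder.
const fakeClient = {
  send: (input) => new Promise((resolve) => setTimeout(() => resolve({
    CreateAccountStatus: { Id: 'car-EXAMPLE', AccountName: input.AccountName, State: 'IN_PROGRESS' },
  }), 20)),
};
const deniedClient = {
  send: () => Promise.reject(Object.assign(new Error('not authorized'), { name: 'AccessDeniedException' })),
};

// Assumed bug: the handler is async but never awaits the pending call, so its
// promise settles at once and the invocation ends before send() completes.
async function buggyHandler(client, log) {
  client.send({ AccountName: 'testIg' })
    .then((res) => log.push('response ' + res.CreateAccountStatus.State));
  log.push('handler returned');
  return { statusCode: 200 };
}

// Fixed: await the call, log failures, and answer 202 because CreateAccount
// only reports IN_PROGRESS at this point, not a finished account.
async function fixedHandler(client, log) {
  try {
    const res = await client.send({ AccountName: 'testIg' });
    log.push('response ' + res.CreateAccountStatus.State);
    return { statusCode: 202, body: JSON.stringify(res.CreateAccountStatus) };
  } catch (error) {
    log.push('error ' + error.name);
    return { statusCode: 500, body: error.message };
  }
}

// Minimal model of an invocation with an async handler: only what was logged
// by the time the handler's promise settles is captured for that request.
async function invoke(handler, client) {
  const log = [];
  const result = await handler(client, log);
  return { result, logged: [...log] };
}

invoke(buggyHandler, fakeClient).then((r) => console.log('buggy:', r.logged));
invoke(fixedHandler, fakeClient).then((r) => console.log('fixed:', r.logged));
invoke(fixedHandler, deniedClient).then((r) => console.log('denied:', r.logged));
```

In the real function the object passed to send() would be the CreateAccountCommand from the question, and the returned Id is what a later status check would use.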
