我正在创建一个Lambda函数,它的处理程序代码存储在S3存储桶中。我需要创建这些资源,我正在使用Terraform。
S3存储桶似乎取决于Lambda的ARN输出,因此我可以为存储桶设置正确的Principal配置。
Lambda还依赖于现有的S3 bucket,因此我可以配置存储处理程序代码的bucket。
我有两个模块创建所需的资源
# S3 Bucket module
resource "aws_s3_bucket" "s3-lambda" {
bucket = var.bucket_name
acl = "private"
policy = data.aws_iam_policy_document.s3_lambda_permissions.json
tags = {
Name = var.tag_name
Environment = var.env_name
}
}
# Lambda module
resource "aws_lambda_function" "redirect_lambda" {
s3_bucket = var.bucket_name
s3_key = var.key
handler = var.handler
runtime = var.runtime
role = aws_iam_role.redirect_lambda.arn
function_name = "redirect_lambda-${var.env_name}"
publish = true
}
然后我在main.tf中调用这些模块
module "qr_redirect_lambda" {
source = "./modules/qr-redirect"
env_name = var.env_name
bucket_name = var.qr_redirect_lambda_bucket_name
key = var.lambda_key
runtime = var.lambda_runtime_16
handler = var.lambda_handler
tag_name = "tag name
}
如何创建这两个相互依赖的资源?
错误输出:
Error: error creating Lambda Function (1): InvalidParameterValueException: Error occurred while GetObject. S3 Error Code: NoSuchBucket. S3 Error Message: The specified bucket does not exist
│ {
│ RespMetadata: {
│ StatusCode: 400,
│ RequestID: "xxx-xxx"
│ },
│ Message_: "Error occurred while GetObject. S3 Error Code: NoSuchBucket. S3 Error Message: The specified bucket does not exist",
│ Type: "User"
│ }
│
│ with module.qr_redirect_lambda.aws_lambda_function.qr_redirect_lambda,
│ on modules/qr-lambda/main.tf line 1, in resource "aws_lambda_function" "qr_redirect_lambda":
│ 1: resource "aws_lambda_function" "qr_redirect_lambda" {
我认为你可以分三个阶段来完成,而不是两个阶段:
- 创建没有bucket策略的bucket
- 创建lambda。只能使用
depends_on在bucket之后创建lambda - 使用aws_s3_bucket_policy创建bucket策略