Adding a trigger to an AWS Lambda function via Terraform



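Following https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function and some digging online, it seems there is no way to add a trigger to a Lambda function through the lambda function resource in tf. In my case: any object creation on a specific S3 bucket triggers the Lambda function.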

Is there a workaround?

From the documentation, these are the resources needed to create the Lambda function and the S3 trigger:

# Execution role that the Lambda service is allowed to assume
resource "aws_iam_role" "iam_for_lambda" {
  name = "iam_for_lambda"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow"
    }
  ]
}
EOF
}

# Resource-based permission that lets S3 invoke the function for this bucket
resource "aws_lambda_permission" "allow_bucket" {
  statement_id  = "AllowExecutionFromS3Bucket"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.func.arn
  principal     = "s3.amazonaws.com"
  source_arn    = aws_s3_bucket.bucket.arn
}

resource "aws_lambda_function" "func" {
  filename      = "your-function.zip"
  function_name = "example_lambda_name"
  role          = aws_iam_role.iam_for_lambda.arn
  handler       = "exports.example"
  runtime       = "go1.x"
}

resource "aws_s3_bucket" "bucket" {
  bucket = "your-bucket-name"
}

# The trigger itself: invoke the function for new objects matching the filter
resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.bucket.id

  lambda_function {
    lambda_function_arn = aws_lambda_function.func.arn
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "AWSLogs/"
    filter_suffix       = ".log"
  }

  # The permission must exist before S3 accepts the notification configuration
  depends_on = [aws_lambda_permission.allow_bucket]
}

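For this case, or any other external source (such as EventBridge rules, SNS, etc.), you can rely on this TF resource to grant permission to access the Lambda function: aws_lambda_permission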

How to use it with various other sources is clearly explained here: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission.html

Hope it helps!
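
As an added example (not part of either answer or of the Terraform documentation), here is the same aws_lambda_permission pattern applied to the other sources mentioned above, together with a variant of the S3 permission that also pins source_account. It reuses aws_lambda_function.func and aws_s3_bucket.bucket from the configuration above; every other resource name is hypothetical.

```hcl
# Added example. Assumes aws_lambda_function.func and aws_s3_bucket.bucket
# from the configuration above; all other names are hypothetical.
data "aws_caller_identity" "current" {}

# S3: bucket ARNs carry no account ID, so also pin the owning account.
# Intended as a replacement for aws_lambda_permission.allow_bucket.
resource "aws_lambda_permission" "allow_bucket_scoped" {
  statement_id   = "AllowExecutionFromS3BucketScoped"
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.func.function_name
  principal      = "s3.amazonaws.com"
  source_arn     = aws_s3_bucket.bucket.arn
  source_account = data.aws_caller_identity.current.account_id
}

# EventBridge: the rule, its target, and the permission scoped to that rule.
resource "aws_cloudwatch_event_rule" "every_hour" {
  name                = "example-every-hour"
  schedule_expression = "rate(1 hour)"
}

resource "aws_cloudwatch_event_target" "invoke_func" {
  rule = aws_cloudwatch_event_rule.every_hour.name
  arn  = aws_lambda_function.func.arn
}

resource "aws_lambda_permission" "allow_eventbridge" {
  statement_id  = "AllowExecutionFromEventBridge"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.func.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.every_hour.arn
}

# SNS: the topic, the subscription, and the permission scoped to that topic.
resource "aws_sns_topic" "events" {
  name = "example-events"
}

resource "aws_sns_topic_subscription" "to_func" {
  topic_arn = aws_sns_topic.events.arn
  protocol  = "lambda"
  endpoint  = aws_lambda_function.func.arn
}

resource "aws_lambda_permission" "allow_sns" {
  statement_id  = "AllowExecutionFromSNS"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.func.function_name
  principal     = "sns.amazonaws.com"
  source_arn    = aws_sns_topic.events.arn
}
```

In each case the trigger is the source-side resource (bucket notification, event target, topic subscription), and aws_lambda_permission only authorizes that one source to invoke the function.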
