我正在尝试从一个 AWS lambda 调用另一个 AWS lambda 并执行 lambda 链接。这样做的理由是 AWS 不提供来自同一 S3 存储桶的多个触发器。
我创建了一个带有 s3 触发器的 lambda。第一个 lambda 的 java 代码将侦听 S3 事件,并包含对另一个 lambda 的调用。第二个 lambda 将从第一个 lambda 调用。这两个lambda的创建都是通过terraform完成的。
Lambda A 具有 S3 触发器。这将在特定存储桶上的 S3 事件上调用。Lambda A 将执行处理,并使用调用请求调用 Lambda B。来自 Java 中 Lambda A 代码的 Lambda B 调用是:
public class EventHandler implements RequestHandler<S3Event, String> {
@Override
public String handleRequest(S3Event event, Context context) throws RuntimeException {
InvokeRequest req = new InvokeRequest()
.withFunctionName("LambdaFunctionB")
.withPayload(json);
return "Lambda B invoked"
}
}
这两个 lambda 都是使用地形创建的。脚本如下:
Lambda A terraform:
module "lambda_function" {
source = "Git Path"
absolute_artifact_path = "../lambda.jar"
lambda_function_name = "LambdaFunctionA"
lambda_function_description = ""
lambda_function_runtime = "java8"
lambda_handler_name = "EventHandler"
lambda_execution_role_name = "lambda-iam-role"
lambda_memory = "512"
dead_letter_target_arn = "error-handling-arn"
}
resource "aws_lambda_permission" "allow_bucket" {
statement_id = "statementId"
action = "lambda:InvokeFunction"
function_name = "${module.lambda_function.lambda_arn}"
principal = "s3.amazonaws.com"
source_arn = "s3.bucket.arn"
}
resource "aws_s3_bucket_notification" "bucket_notification" {
bucket = "bucketName"
lambda_function {
lambda_function_arn = "${module.lambda_function.lambda_arn}"
events = ["s3:ObjectCreated:*"]
filter_prefix = "path/subPath"
}
}
Lambda B terraform:
module "lambda_function" {
source = "git path"
absolute_artifact_path = "../lambda.jar"
lambda_function_name = "LambdaFunctionB"
lambda_function_description = ""
lambda_function_runtime = "java8"
lambda_handler_name = "LambdaBEventHandler"
lambda_execution_role_name = "lambda-iam-role"
lambda_memory = "512"
dead_letter_target_arn = "error-handling-arn"
}
resource "aws_lambda_permission" "allow_lambda" {
statement_id = "AllowExecutionFromLambda"
action = "lambda:InvokeFunction"
function_name = "${module.lambda_function.lambda_arn}"
principal = "s3.amazonaws.com"
source_arn = "arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:LambdaFunctionA"
}
lambda-iam-role 附加了以下策略
AmazonS3FullAccess
AWSLambdaBasicExecutionRole
AWSLambdaVPCAccessExecutionRole
AmazonSNSFullAccess
CloudWatchEventsFullAccess
期望 LambdaA 应该成功调用 Lambda B。但是我在 Lambda A 日志中收到访问拒绝异常,它无法调用 Lambda B.错误是
com.amazonaws.services.lambda.model.AWSLambdaException: User: arn:aws:sts::xxxxxxxxx:assumed-role/lambda-iam-role/LambdaFunctionA is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:eu-west-1:xxxxxxxxx:function:LambdaFunctionB (Service: AWSLambda; Status Code: 403; Error Code: AccessDeniedException; Request ID: f495ede3-b3cb-47a1-b884-16996545233d)
- 希望这对您有所帮助,不完全相似,但它从另一个 lambda Github 调用一个 lambda 我认为lambda
- 也需要这个策略"lambda:InvokeFunction">
我在网上找到了答案,使用 aws-sdk。
var aws = require('aws-sdk');
var lambda = new aws.Lambda({
region: 'default'
});
lambda.invoke({
FunctionName: 'name_of_your_lambda_function',
Payload: JSON.stringify(event, null, 2) // pass params
}, function(error, data) {
if (error) {
context.done('error', error);
}
if(data.Payload){
context.succeed(data.Payload)
}
});
您可以在此处找到文档:http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Lambda.html
希望对你有帮助 :)