Terraform AWS S3 to Lambda 通知触发器



I am trying to codify a Lambda function that is triggered by S3. Creating the Lambda function succeeds, but the "aws_s3_bucket_notification" resource fails on terraform apply with a MethodNotAllowed error, status code 405:

Error: Error applying plan:
20-Sep-2018 15:23:53    1 error(s) occurred:
20-Sep-2018 15:23:53    * aws_s3_bucket_notification.my-trigger: 1 error(s) occurred:
20-Sep-2018 15:23:53    * aws_s3_bucket_notification.my-trigger: Error putting S3 notification configuration: MethodNotAllowed: The specified method is not allowed against this resource.
20-Sep-2018 15:23:53            status code: 405, request id:<hidden>, host id:<hidden>

Here is my code that sets up the notification trigger:

resource "aws_s3_bucket_notification" "my-trigger" {
  bucket = "my-bucket"

  lambda_function {
    lambda_function_arn = "${aws_lambda_function.my-function.arn}"
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "file-prefix"
    filter_suffix       = "file-extension"
  }
}

And here is the permission that lets S3 invoke the Lambda function:

resource "aws_lambda_permission" "s3-lambda-permission" {
  statement_id  = "AllowExecutionFromS3Bucket"
  action        = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.my-function.arn}"
  principal     = "s3.amazonaws.com"
  source_arn    = "arn:aws:s3:::my-bucket"
}

Thanks in advance!

So I tried the same setup as you:

...
// lambda resource
resource "aws_s3_bucket_notification" "my-trigger" {
  bucket = "my-bucket"

  lambda_function {
    lambda_function_arn = "${aws_lambda_function.my-function.arn}"
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "AWSLogs/"
    filter_suffix       = ".txt"
  }
}

resource "aws_lambda_permission" "test" {
  statement_id  = "AllowS3Invoke"
  action        = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.my-function.arn}"
  principal     = "s3.amazonaws.com"
  source_arn    = "arn:aws:s3:::my-bucket"
}
...

My S3 bucket policy looks like this:

{
  "Version": "2012-10-17",
  "Id": "AWSConsole-AccessLogs-Policy-1534800162725",
  "Statement": [
    {
      "Sid": "AWSConsoleStmt-1534800162725",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:root"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/AWSLogs/123456789012/*"
    }
  ]
}

and the S3 notification was created successfully.

So I think there are two things you should check now:

  1. Make sure your aws_lambda_permission is actually created before the S3 notification. I am using Terraform 0.10.2, but there may have been a bug in earlier versions where this Lambda permission was not created before the S3 notification.

  2. Check your S3 bucket policy. It may contain explicit denies that block Lambda access. If there are any, be sure to get rid of them.
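The ordering the answer's first point asks for can be made explicit rather than left to the provider. The following is an added, complete configuration (not code from the question or the answer above) written in Terraform 0.12+ syntax: the bucket is a managed resource referenced by attribute instead of a hard-coded string, the notification carries a `depends_on` to the Lambda permission, and the permission is pinned to the bucket ARN and the calling account via `source_account`, which closes the cross-account confused-deputy case that a bare `source_arn` on a globally unique bucket name would otherwise leave open. The region, bucket name, function name, IAM role, runtime and the `function.zip` artifact are all assumed placeholders.

```hcl
# Added example, not from the original post: S3 -> Lambda trigger with
# explicit ordering and a scoped invoke permission. All names are assumed.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumed
}

data "aws_caller_identity" "current" {}

resource "aws_s3_bucket" "uploads" {
  bucket = "my-bucket" # assumed; bucket names are globally unique
}

# Minimal execution role so the function can write CloudWatch logs.
resource "aws_iam_role" "lambda_exec" {
  name = "my-function-exec" # assumed
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "lambda.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "basic_logs" {
  role       = aws_iam_role.lambda_exec.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

resource "aws_lambda_function" "my-function" {
  function_name    = "my-function"   # assumed
  role             = aws_iam_role.lambda_exec.arn
  handler          = "index.handler" # assumed
  runtime          = "python3.11"    # assumed
  filename         = "function.zip"  # assumed to exist next to this file
  source_code_hash = filebase64sha256("function.zip")
}

# Allow S3 to invoke the function, but only for this bucket and only when
# the bucket lives in this account (source_arn alone does not check ownership).
resource "aws_lambda_permission" "allow_s3" {
  statement_id   = "AllowExecutionFromS3Bucket"
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.my-function.function_name
  principal      = "s3.amazonaws.com"
  source_arn     = aws_s3_bucket.uploads.arn
  source_account = data.aws_caller_identity.current.account_id
}

# S3 validates the destination when the notification configuration is put,
# so the invoke permission must already exist; depends_on guarantees that.
resource "aws_s3_bucket_notification" "my-trigger" {
  bucket = aws_s3_bucket.uploads.id

  lambda_function {
    lambda_function_arn = aws_lambda_function.my-function.arn
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "file-prefix/" # assumed
    filter_suffix       = ".txt"         # assumed
  }

  depends_on = [aws_lambda_permission.allow_s3]
}
```

Referencing `aws_s3_bucket.uploads.id` and `.arn` instead of a literal bucket name also lets Terraform order the bucket creation before the notification, and keeps the permission's `source_arn` and the notification's `bucket` from drifting apart when the name changes.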
