Creating a Lambda function via CloudFormation from code uploaded to an S3 bucket

Question   Votes: 0   Answers: 1

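I have uploaded the function code (.zip) to an S3 bucket (in the us-east-1 region). I want to launch a Lambda function using a CloudFormation template. When I launch the template from the us-east-1 region, I get an s3:getObject error. The S3 bucket is publicly accessible.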

Resource handler returned message: "Error occurred while GetObject. S3 Error Code: AuthorizationHeaderMalformed. S3 Error Message: The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'eu-west-1'

I am using the YAML template below.

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MediaSuiteRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: "MyCustomRole"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: mediaconvert.amazonaws.com
            Action: sts:AssumeRole
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
          - Effect: Allow
            Principal:
              Service: translate.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        # AmazonAPIGatewayInvokeFullAccess
        - arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess
        # AmazonS3FullAccess
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
        # AmazonTranscribeFullAccess
        - arn:aws:iam::aws:policy/AmazonTranscribeFullAccess
        # AWSElementalMediaConvertFullAccess
        - arn:aws:iam::aws:policy/AWSElementalMediaConvertFullAccess
        # AWSLambdaBasicExecutionRole
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
        # AWSLambdaRole
        - arn:aws:iam::aws:policy/service-role/AWSLambdaRole
        # TranslateFullAccess
        - arn:aws:iam::aws:policy/TranslateFullAccess

      Policies:
        - PolicyName: CustomPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "iam:PassRole"
                Resource: !Sub "arn:aws:iam::${AWS::AccountId}:role/MediaSuiteRole"

  MyCustomLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Role: !GetAtt MediaSuiteRole.Arn
      Code:
        S3Bucket: lambda-functions-storage
        S3Key: myfirstlambdafunction.zip
      Handler: myfirstlambdafunction.app.lambda_handler
      Runtime: python3.12
      Architectures:
        - x86_64
      Environment:
        Variables:
          CustomVar1: "52CD6067149FAA49B1698C1025ACC26B"
          CustomVar2: "52CD6067149FAA49B1698C1025ACC26C"

amazon-web-services aws-lambda aws-cloudformation

1 Answer
0 votes

According to the CloudFormation AWS properties for Lambda function code:

S3Bucket
An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account

Please try creating a new S3 bucket in the us-east-1 region, update the CFN template with the new bucket name, and deploy.
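
A pre-deployment check for the same-region constraint quoted in the answer, as an added example that is not part of the original question or answer: it flags Lambda resources whose Code.S3Bucket lives in a different region from the stack and reads the two regions out of the S3 error text. The function names, the dict form of the template and the stubbed bucket region (taken from the error's "expecting 'eu-west-1'") are assumptions; the live lookup uses boto3's get_bucket_location.

```python
import re

# GetBucketLocation reports us-east-1 as None and legacy eu-west-1 buckets as "EU".
_LEGACY = {None: "us-east-1", "": "us-east-1", "EU": "eu-west-1"}

def normalize_location(constraint):
    """Map a GetBucketLocation LocationConstraint to a region name."""
    return _LEGACY.get(constraint, constraint)

def boto3_bucket_region(bucket):
    """Live lookup; needs boto3 and credentials allowed to call s3:GetBucketLocation."""
    import boto3
    resp = boto3.client("s3").get_bucket_location(Bucket=bucket)
    return normalize_location(resp.get("LocationConstraint"))

def find_cross_region_code(template, deploy_region, bucket_region=boto3_bucket_region):
    """Return (logical_id, bucket, bucket_region) for each Lambda whose code
    bucket is not in the region the stack is deployed to."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Lambda::Function":
            continue
        bucket = res.get("Properties", {}).get("Code", {}).get("S3Bucket")
        if not isinstance(bucket, str):  # inline ZipFile code or an intrinsic (Ref/Sub)
            continue
        region = bucket_region(bucket)
        if region != deploy_region:
            findings.append((logical_id, bucket, region))
    return findings

def parse_region_mismatch(message):
    """Pull (region used, region expected) out of the S3 error text, or None."""
    m = re.search(r"the region '([^']+)' is wrong; expecting '([^']+)'", message)
    return m.groups() if m else None

# Constructed sample: resources from the question's template, already parsed to a dict.
SAMPLE_TEMPLATE = {"Resources": {
    "MediaSuiteRole": {"Type": "AWS::IAM::Role", "Properties": {}},
    "MyCustomLambdaFunction": {"Type": "AWS::Lambda::Function", "Properties": {
        "Code": {"S3Bucket": "lambda-functions-storage",
                 "S3Key": "myfirstlambdafunction.zip"}}},
}}

if __name__ == "__main__":
    # Constructed stand-in for the live lookup, so this runs offline.
    stub = lambda bucket: normalize_location("EU")
    print(find_cross_region_code(SAMPLE_TEMPLATE, "us-east-1", stub))
```

Run against a real account, omit the third argument so the bucket's region comes from S3 itself rather than the stub.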
