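The Serverless configuration file builds successfully, but the deployment fails even though the IAM policy has full permissions. The log only shows progress up to the following message: "Deployment bucket not found. Updating stack to include deployment bucket definition. Ensure the deployment bucket exists." This issue occurs when trying to run the serverless deploy command.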
useDotenv: true
service: ${env:NAME}
plugins:
  - serverless-dotenv-plugin
  - serverless-webpack
provider:
  name: aws
  runtime: nodejs18.x
  region: ap-south-1
  versionFunctions: false
resources:
  Resources:
    lambdaCogRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: ${env:NAME}-${env:STAGE}-lambda-ddb-role
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action:
                - sts:AssumeRole
        ManagedPolicyArns:
          - !GetAtt lambdaCognitoAdminGetUserPolicy
    lambdaCognitoAdminGetUserPolicy:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - logs:CreateLogGroup
                - logs:CreateLogStream
                - logs:PutLogEvents
              Resource:
                - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*:*:*"
            - Effect: Allow
              Action:
                - cognito-idp:AdminGetUser
                - cognito-idp:AdminSetUserMFAPreference
                - cognito-idp:ListUsers
                - cognito-idp:AdminLinkProviderForUser
                - cognito-idp:AdminUpdateUserAttributes
                - cognito-idp:InvokeFunction
              Resource: !Sub "arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/${CognitoUserPool}"
    CognitoUserPool:
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: ${env:NAME}-${env:STAGE}-user-pool
        AutoVerifiedAttributes:
          - email
        UsernameConfiguration:
          CaseSensitive: true
        MfaConfiguration: OFF
        UsernameAttributes:
          - email
        Policies:
          PasswordPolicy:
            MinimumLength: 8
            RequireLowercase: true
            RequireNumbers: true
            RequireSymbols: true
            RequireUppercase: true
        Schema:
          - Name: email
            AttributeDataType: String
            Mutable: false
            Required: true
    CognitoUserPoolClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: ${env:NAME}-${env:STAGE}-user-pool-client
        GenerateSecret: false
        SupportedIdentityProviders:
          - Google
          - COGNITO
        CallbackURLs:
          - ${env:CALLBACK_URL}
        LogoutURLs:
          - ${env:LOGOUT_URL}
        AllowedOAuthFlows:
          - implicit
        AllowedOAuthScopes:
          - email
          - openid
          - aws.cognito.signin.user.admin
          - profile
          - phone
        ExplicitAuthFlows:
          - ALLOW_REFRESH_TOKEN_AUTH
          - ALLOW_USER_SRP_AUTH
        AllowedOAuthFlowsUserPoolClient: true
        UserPoolId: !Ref CognitoUserPool
    CognitoUserPoolDomain:
      Type: AWS::Cognito::UserPoolDomain
      Properties:
        Domain: ${env:NAME}-${env:STAGE}
        UserPoolId: !Ref CognitoUserPool
  Outputs:
    MyAppUserPoolId:
      Description: The Id of the Cognito User Pool
      Value: !Ref CognitoUserPool
    MyAppUserPoolClientId:
      Description: The Id of the User Pool Client
      Value: !Ref CognitoUserPoolClient
functions:
  forgotPassword:
    handler: functions/forgotPassword/index.handler
    events:
      - cognitoUserPool:
          trigger: CustomMessage
          pool: ${env:NAME}-${env:STAGE}-user-pool
          existing: true
    environment:
      COGNITO_USER_POOL_ID: !Ref CognitoUserPool
  postConfirmation:
    handler: functions/postConfirmation/index.handler
    events:
      - cognitoUserPool:
          trigger: PostConfirmation
          pool: ${env:NAME}-${env:STAGE}-user-pool
          existing: true
    environment:
      COGNITO_USER_POOL_ID: !Ref CognitoUserPool
  resendCode:
    handler: functions/resendCode/index.handler
    events:
      - cognitoUserPool:
          trigger: CustomMessage
          pool: ${env:NAME}-${env:STAGE}-user-pool
          existing: true
    environment:
      COGNITO_USER_POOL_ID: !Ref CognitoUserPool
  signUp:
    handler: functions/signUp/index.handler
    events:
      - cognitoUserPool:
          trigger: CustomMessage
          pool: ${env:NAME}-${env:STAGE}-user-pool
          existing: true
    environment:
      COGNITO_USER_POOL_ID: !Ref CognitoUserPool
custom:
  webpack:
    includeModules: true
    excludeFiles: ./**/*.test.js
  dotenv:
    path: .env
Try adding an existing bucket in the provider block:
provider:
  name: aws
  runtime: nodejs18.x
  region: ap-south-1
  deploymentBucket:
    name: my-custom-deployment-bucket # Update this with your bucket name
    blockPublicAccess: true
The deployment bucket must be in the same region as the resources being deployed.
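
A pre-deploy check for the same-region requirement above, as an added example that is not part of the original answer. The function names are hypothetical, the bucket name in the usage comment is the placeholder from the answer, and the script assumes the AWS CLI is installed with credentials allowed to call `head-bucket` and `get-bucket-location`.

```bash
#!/usr/bin/env bash
# Added example: confirm the Serverless deployment bucket exists and lives in
# the provider region before running `serverless deploy`.

# Map the LocationConstraint printed by `aws s3api get-bucket-location`
# to a region name. S3 reports us-east-1 as null ("None" in text output)
# and may report eu-west-1 as the legacy value "EU".
normalize_location() {
  case "$1" in
    ""|None|null) echo "us-east-1" ;;
    EU)           echo "eu-west-1" ;;
    *)            echo "$1" ;;
  esac
}

# Compare a raw LocationConstraint with provider.region from serverless.yml.
# Returns 0 on match, 1 on mismatch.
region_matches() {
  [ "$(normalize_location "$1")" = "$2" ]
}

# check_deployment_bucket <bucket> <provider-region>
# Returns 0 if usable, 1 on region mismatch, 2 if the bucket cannot be read.
check_deployment_bucket() {
  local bucket="$1" region="$2" loc
  # head-bucket fails if the bucket is missing or the caller lacks access.
  if ! aws s3api head-bucket --bucket "$bucket" 2>/dev/null; then
    echo "bucket $bucket not found or not accessible" >&2
    return 2
  fi
  loc="$(aws s3api get-bucket-location --bucket "$bucket" \
          --query LocationConstraint --output text)" || return 2
  if ! region_matches "$loc" "$region"; then
    echo "bucket is in $(normalize_location "$loc"), provider.region is $region" >&2
    return 1
  fi
  echo "ok: $bucket is in $region"
}

# Run only when invoked with two arguments, e.g.:
#   ./check-bucket.sh my-custom-deployment-bucket ap-south-1
if [ "$#" -eq 2 ]; then
  check_deployment_bucket "$1" "$2"
fi
```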