如何解决在 Cloudformation 模板上获取 Dynamodb VPC 端点的错误
我是 cft 的新手,我是 VpcID 函数的 !ref 并且我参数化为 vpcIds,我需要将 vpcid 作为 dynamodb endpont 的必填字段。有人可以建议我如何传递这个 vpcId 。
AWstemplateFormatVersion: 2010-09-09
Resources:
LambdaFunction:
Type: 'AWS::Lambda::Function'
Properties:
Code:
ZipFile: |
const AWS = require('aws-sdk');//code goes here
FunctionName:
Ref: LambdaFuncName
Handler: index.handler
Runtime: nodejs14.x
Role: !GetAtt IAMRole.Arn
VpcConfig:
SecurityGroupIds:
Ref: SecurityGroups
subnetIds:
Ref: subnets
DependsOn:
- DynamoDBTable
DynamoDBTable:
Type: 'AWS::DynamoDB::Table'
Properties:
TableName:
Ref: DynamoDBTableName
AttributeDeFinitions:
- AttributeName: id
AttributeType: S
KeySchema:
- AttributeName: id
KeyType: HASH
ProvisionedThroughput:
ReadCapacityUnits: '5'
WriteCapacityUnits: '5'
DependsOn:
- IAMRole
APIGatewayRestAPI:
Type: 'AWS::ApiGateway::RestApi'
Properties:
Name:
Ref: APIName
DependsOn:
- LambdaFunction
APIGatewayResource:
Type: 'AWS::ApiGateway::Resource'
Properties:
RestApiId: !Ref APIGatewayRestAPI
ParentId: !GetAtt
- APIGatewayRestAPI
- RootResourceId
PathPart:
Ref: LambdaFuncName
DependsOn:
- APIGatewayRestAPI
APIGatewayMethod:
Type: 'AWS::ApiGateway::Method'
Properties:
RestApiId: !Ref APIGatewayRestAPI
ResourceId: !Ref APIGatewayResource
HttpMethod: POST
AuthorizationType: NONE
MethodResponses:
- StatusCode: 200
Integration:
Type: AWS
IntegrationResponses:
- StatusCode: 200
IntegrationHttpMethod: POST
Uri: !Sub
- >-
arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFuncNameArn}/invocations
- LambdaFuncNameArn: !GetAtt LambdaFunction.Arn
DependsOn:
- APIGatewayResource
APIGatewayDeployment:
Type: 'AWS::ApiGateway::Deployment'
Properties:
RestApiId: !Ref APIGatewayRestAPI
StageName:
Ref: EnvironmentName
DependsOn:
- APIGatewayMethod
APIGatewayPermission:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !GetAtt LambdaFunction.Arn
Principal: apigateway.amazonaws.com
DependsOn:
- APIGatewayDeployment
IAMRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action:
- 'sts:AssumeRole'
Path: /
Policies:
- PolicyName: Policy_api-lambda-db
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- 'dynamodb:BatchGetItem'
- 'dynamodb:BatchWriteItem'
- 'dynamodb:TagResource'
- 'dynamodb:UntagResource'
- 'dynamodb:PutItem'
- 'dynamodb:DeleteItem'
- 'dynamodb:GetItem'
- 'dynamodb:Scan'
- 'dynamodb:Query'
- 'dynamodb:UpdateItem'
Resource: '*'
- Effect: Allow
Action:
- 'logs:CreateLogStream'
- 'logs:CreateLogGroup'
- 'logs:PutLogEvents'
Resource: '*'
- Effect: Allow
Action:
- 'ec2:DescribeNetworkInterfaces'
- 'ec2:CreateNetworkInterface'
- 'ec2:DeleteNetworkInterface'
- 'ec2:DescribeInstances'
- 'ec2:AttachNetworkInterface'
Resource: '*'
DynamoDBEndpoint:
Type: "AWS::EC2::VPCEndpoint"
Properties:
ServiceName: !Sub "com.amazonaws.${AWS::Region}.dynamodb"
VpcId: !Ref VpcID
PolicyDocument: {
"Id": "Policy","Version": "2012-10-17","Statement": [
{
"Sid": "Statement","Action": "dynamodb:*","Effect": "Allow","Resource": "arn:aws:dynamodb:us-east-1:123412341234:table/test","Principal": "*"
}
]
}
VpcID:
Type: 'AWS::EC2::VPC'
Properties:
Name:
Ref: vpcId
Parameters:
LambdaFuncName:
Type: String
Default: Lambda_api-lambda-db
DynamoDBTableName:
Type: String
Default: Dynamo_api-lambda-db
APIName:
Type: String
Default: API_api-lambda-db
EnvironmentName:
Type: String
Default: Prod
SecurityGroups:
Type: 'List<AWS::EC2::SecurityGroup::Id>'
subnets:
Type: 'List<AWS::EC2::subnet::Id>'
vpcId:
Type: 'AWS::EC2::VPC::Id'
这里我遇到错误在创建 VpcID 时遇到不受支持的属性名称,我的主要重点是在 vpc 中创建 lambda 并创建一个 dynamodb 端点以私下访问 dynamodb。请就此给我建议。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
