
Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function

How to resolve "Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function"

I want to trigger a Lambda function based on events in a log group. This is my CDK code:

    const glueLogGroup = new LogGroup(this, 'LogGroup', {
        logGroupName: '/aws-glue/crawlers'
    });
    const lambdaFunction = new lambda.Function(this, 'crawlerStatusMonitorFunction', {
        runtime: lambda.Runtime.NODEJS_12_X,
        handler: 'index.handler',
        code: lambda.Code.fromInline('exports.handler = (event,context,callback) => {\n' +
            '  // Todo implement\n' +
            '  callback(null,\'Hello from Lambda\');\n' +
            '};')
    });

    // Statement attached to the function's execution role
    const lambdaPolicy = new PolicyStatement({
        effect: Effect.ALLOW,
        resources: ['*'],
        actions: ['*']
    });
    lambdaFunction.addToRolePolicy(lambdaPolicy);

    // Resource-based policy on the function for the CloudWatch Logs service principal
    new lambda.CfnPermission(this, 'resourcePolicyForLambdaFunction', {
        action: 'lambda:InvokeFunction',
        principal: 'logs.us-east-1.amazonaws.com',
        functionName: lambdaFunction.functionName,
        sourceArn: `${glueLogGroup.logGroupArn}:*`,
        sourceAccount: accountId.valueAsString
    });

    // Subscription filter that forwards all log events to the function
    glueLogGroup.addSubscriptionFilter('lambda', {
        destination: new eventTargets.LambdaFunction(lambdaFunction),
        filterPattern: FilterPattern.allEvents()
    });

This is the Lambda resource policy in the CloudFormation template generated by the CDK code above:

    "resourcePolicyForLambdaFunction": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Ref": "crawlerStatusMonitorFunction78ACA584"
        },
        "Principal": "logs.us-east-1.amazonaws.com",
        "SourceAccount": {
          "Ref": "accountId"
        },
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              {
                "Fn::GetAtt": [
                  "LogGroupF5B46931",
                  "Arn"
                ]
              },
              ":*"
            ]
          ]
        }
      }
    }

Whenever I try to create the stack from CloudFormation, I get this error:

Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.
