我正在尝试使用 terraform 将 nodejs lambda zip 文件部署到自定义 VPC 的私有子网中。terraform plan 运行正常，但在 apply 时会抛出错误。角色被创建了，但 lambda 函数没有部署，而是立即报错。错误是：“创建Lambda函数(1)时出错: ValidationException: 状态代码: 400, 请求id...”
此lambda将由cloud watch-event调用。
与VPC角色有什么关系?
//calling module
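module "lambda" {
  source = "../modules/lambda"

  // Hand the aliased provider to the child module; the child declares a
  // matching proxy block (provider "aws" { alias = "programmatic" }).
  providers = {
    aws.programmatic = aws.programmatic
  }

  description   = var.description
  function_name = "rfcsyncfunc"
  handler       = "index.handler"
  runtime       = "nodejs14.x"

  // Deploy and hash the SAME artifact. The original hard-coded
  // "${path.module}/filename.zip}" contained a stray "}" inside the string
  // and pointed at a different file than the one hashed below, so code
  // changes in var.filename would never be detected or deployed.
  filename         = var.filename
  source_code_hash = filebase64sha256(var.filename)

  memory_size                    = 512
  timeout                        = 90
  publish                        = false
  reserved_concurrent_executions = 20

  vpc_config = {
    // Lambda expects VPC subnet IDs ("subnet-..."), not CIDR ranges; the
    // original list held CIDRs ("xx.xx.xxx.xxx/27"), which the API rejects.
    // Both values below are placeholders taken from the original comments.
    security_group_ids = ["sg-123456789"]
    subnet_ids         = ["subnet-1", "subnet-2"]
  }

  environment = {
    variables = {
      // Environment variable keys must start with a letter and contain only
      // letters, digits and underscores; a hyphen in a key makes
      // CreateFunction fail with a ValidationException.
      TEST1API_URL = "https://example.com/test.asmx"
      TEST2API_URL = "https://example.com/test/staging/test2.asmx"
    }
  }
} // lambda module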
// Proxy configuration block (no settings of its own): lets the calling
// module pass its aliased "aws.programmatic" configuration in through the
// module's providers map.
provider "aws" {
  alias = "programmatic"
}
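// The Lambda function itself. Package, sizing and optional environment /
// VPC settings all come from module variables.
// NOTE(review): no "provider = aws.programmatic" is set on this resource (or
// on the IAM resources below), so they use the module's default aws provider
// even though the alias is passed in by the caller - confirm that is intended.
resource "aws_lambda_function" "lambda" {
  function_name = var.function_name
  description   = var.description
  role          = aws_iam_role.lambda.arn
  handler       = var.handler
  runtime       = var.runtime

  // Only a local zip is supported here: when var.s3_bucket is non-empty,
  // filename becomes null but no s3_bucket/s3_key arguments are passed, so
  // the function would have no code source at all.
  filename         = var.s3_bucket == "" ? var.filename : null
  source_code_hash = var.source_code_hash

  memory_size                    = var.memory_size
  timeout                        = var.timeout
  publish                        = var.publish
  reserved_concurrent_executions = var.reserved_concurrent_executions
  tags                           = var.tags

  // Emit the environment block only when variables were supplied.
  dynamic "environment" {
    for_each = length(var.environment) < 1 ? [] : [var.environment]
    content {
      variables = environment.value.variables
    }
  }

  // Emit vpc_config only when a VPC was requested. subnet_ids must be subnet
  // IDs ("subnet-..."), not CIDR ranges; a VPC-attached function has no
  // public IP, so any outbound access has to go via a NAT gateway or VPC
  // endpoints reachable from those subnets.
  dynamic "vpc_config" {
    for_each = length(var.vpc_config) < 1 ? [] : [var.vpc_config]
    content {
      security_group_ids = vpc_config.value.security_group_ids
      subnet_ids         = vpc_config.value.subnet_ids
    }
  }

  // The execution role must already carry the logging and ENI-management
  // policies when the function is created: the Lambda API checks that the
  // role can create network interfaces for VPC functions, and the policy
  // attachments are separate resources Terraform would otherwise create in
  // parallel with (or after) this one.
  depends_on = [
    aws_iam_role_policy_attachment.cloudwatch_logs,
    aws_iam_role_policy_attachment.vpc_eniattachment,
  ]
}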
// Trust policy for the execution role: only the Lambda service may assume it.
data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}
// Per-function execution role; an optional permissions boundary caps what
// any policy attached to it can grant.
resource "aws_iam_role" "lambda" {
  name                 = "${var.function_name}-lambdarole"
  permissions_boundary = var.permissions_boundary
  assume_role_policy   = data.aws_iam_policy_document.assume_role_policy.json
}
// Always attached: lets the function create its log group/stream and
// write log events.
resource "aws_iam_role_policy_attachment" "cloudwatch_logs" {
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
  role       = aws_iam_role.lambda.name
}
// Attached only for VPC functions: grants the EC2 network-interface
// permissions Lambda needs to place the function inside the VPC. The
// narrower ENI-management policy is used rather than the broader
// AWSLambdaVPCAccessExecutionRole (kept commented out below).
resource "aws_iam_role_policy_attachment" "vpc_eniattachment" {
  count = length(var.vpc_config) < 1 ? 0 : 1

  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess"
  role       = aws_iam_role.lambda.name
}
/*
resource "aws_iam_role_policy_attachment" "vpc_attachment" {
count = length(var.vpc_config) < 1 ? 0 : 1
role = aws_iam_role.lambda.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}
*/

// module/clouwatchevent
// Resource-based permission on the function: only the EventBridge/CloudWatch
// Events service, and only via this specific rule (source_arn), may invoke
// it. Created together with the rule when var.enable is true.
resource "aws_lambda_permission" "cloudwatch" {
  count = var.enable ? 1 : 0

  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  principal     = "events.amazonaws.com"
  function_name = var.lambda_function_arn
  source_arn    = aws_cloudwatch_event_rule.lambda[count.index].arn
}
// The rule that triggers the function, either on a schedule or on a
// matching event pattern; both are passed through from variables.
resource "aws_cloudwatch_event_rule" "lambda" {
  count = var.enable ? 1 : 0

  name        = var.name
  name_prefix = var.name_prefix
  description = var.description
  is_enabled  = var.is_enabled

  schedule_expression = var.schedule_expression
  event_pattern       = var.event_pattern
}
// Wire the rule to the function ARN; the matching invoke permission is
// granted by aws_lambda_permission.cloudwatch above.
resource "aws_cloudwatch_event_target" "lambda" {
  count = var.enable ? 1 : 0

  arn  = var.lambda_function_arn
  rule = aws_cloudwatch_event_rule.lambda[count.index].name
}
只是分享我的案例,希望能节省别人的时间。我删除了环境变量键名中的连字符,它就可以工作了。从KEY-NAME到KEY_NAME。我看到有些人也通过删除函数名中的字符来解决问题。ValidationException错误消息相当模糊。
https://stackoverflow.com/questions/68436166