AWS CDK 由于“无效 Lambda 函数”而无法部署

发布于 2025-01-10 11:24:19 字数 9004 浏览 0 评论 0原文

我正在尝试将 Lambda 授权方添加到 AWS CDK 中的 REST API。

    const api = new apigw.RestApi(this, 'apiname', {
      defaultCorsPreflightOptions: {
        allowOrigins: apigw.Cors.ALL_ORIGINS
      }
    });

    const authorizerFunction = new lambda.Function(this, "authorizerFunction", {
      runtime: lambda.Runtime.PYTHON_3_7,
      handler: "lambda_function.lambda_handler",
      code: lambda.Code.fromAsset("lambda/authorizer"), 
      architecture: lambda.Architecture.X86_64,
      environment: db_env,
      layers:[psycopg2]
    });

    const apiAuthorizer = new apigw.CfnAuthorizer(this, 'apiAuthorizer', {
      name: 'apiAuthorizer',
      restApiId: api.restApiId,
      type: 'TOKEN',
      authorizerResultTtlInSeconds:0,
      identitySource: 'method.request.header.Authorization',
      authorizerUri:'arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/${authorizerFunction.functionArn}/invocations'
    });
    const auth = {authorizationType: apigw.AuthorizationType.CUSTOM, authorizer:{authorizerId: apiAuthorizer.attrAuthorizerId}}

...
    // The same parameters for every new method
    videos.addMethod('GET', new apigw.LambdaIntegration(videosGET, {proxy:true}), auth);

IDE 中没有弹出错误,Lambda 函数没有错误,应用程序引导正常。但部署时,出现如下错误:

apiAuthorizer 资源处理程序返回消息:“无效 lambda 函数(服务:ApiGateway,状态代码:400,请求 ID:asdfasdfdafsd,扩展请求 ID:null)”(RequestToken:fadsfasdfdasfds,HandlerErrorCode:AlreadyExists)

有谁知道为什么会这样正在发生吗?这是文档中任何地方此 lambda 函数或 id 的唯一实例,我已经用头撞墙好几天了,已经没有选择了。非常感谢!

日志:

✨  Synthesis time: 3.22s

current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-lookup-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
(To get rid of this warning, please upgrade to bootstrap version >= 8)
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-deploy-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
stack: deploying...
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-deploy-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
[0%] start: Publishing 97a39e50dc5a7b919754b7f8e605cd4e9d15f49977e1a5107ac03c064a3cb217:current_account-current_region
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-file-publishing-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
[7%] success: Published 97a39e50dc5a7b919754b7f8e605cd4e9d15f49977e1a5107ac03c064a3cb217:current_account-current_region
[7%] start: Publishing b2ebdbbab148e87676b6d14b657bf8fadf12d7f232588789baae1222218a3581:current_account-current_region
[15%] success: Published b2ebdbbab148e87676b6d14b657bf8fadf12d7f232588789baae1222218a3581:current_account-current_region
[15%] start: Publishing 67c32e703c1fcd33bf2b9291f317cb2f7be41fbe8d9a4379730799473c252b04:current_account-current_region
[23%] success: Published 67c32e703c1fcd33bf2b9291f317cb2f7be41fbe8d9a4379730799473c252b04:current_account-current_region
[23%] start: Publishing 2ef1a148088a2b5a315ad35aad59e4af0b1c08b98200fdf0929ba95287ee6ce5:current_account-current_region
[30%] success: Published 2ef1a148088a2b5a315ad35aad59e4af0b1c08b98200fdf0929ba95287ee6ce5:current_account-current_region
[30%] start: Publishing cad80074c492c1ea50399558f50f858e2d0e9ac90e1b4ad7ac109df0a2958a8a:current_account-current_region
[38%] success: Published cad80074c492c1ea50399558f50f858e2d0e9ac90e1b4ad7ac109df0a2958a8a:current_account-current_region
[38%] start: Publishing 6ef219049e232514e013788f0058412a730d86012227431aef2d1ab6f8c739bf:current_account-current_region
[46%] success: Published 6ef219049e232514e013788f0058412a730d86012227431aef2d1ab6f8c739bf:current_account-current_region
[46%] start: Publishing c060a4ac2428713dd0429976f19d01689cdbed20829405e999462d4b5334db70:current_account-current_region
[53%] success: Published c060a4ac2428713dd0429976f19d01689cdbed20829405e999462d4b5334db70:current_account-current_region
[53%] start: Publishing df2c8d783eac0311e9f0bdd4cc62b80e7ad03137e7ca44b6f7af6196f1dceffb:current_account-current_region
[61%] success: Published df2c8d783eac0311e9f0bdd4cc62b80e7ad03137e7ca44b6f7af6196f1dceffb:current_account-current_region
[61%] start: Publishing 1a495f5e7c52f2b689c3a3aa6c40cb9b89d8e897ed865efb4d2066cf61151bb7:current_account-current_region
[69%] success: Published 1a495f5e7c52f2b689c3a3aa6c40cb9b89d8e897ed865efb4d2066cf61151bb7:current_account-current_region
[69%] start: Publishing c232c99bbc9150c88cb39eca0ae34e8a6491f31839670dcc41a692afbbd754e1:current_account-current_region
[76%] success: Published c232c99bbc9150c88cb39eca0ae34e8a6491f31839670dcc41a692afbbd754e1:current_account-current_region
[76%] start: Publishing b56591fc6ac5a4be79c50276c852b1bcdb1110cdc5851b62d6b207f9a857b723:current_account-current_region
[84%] success: Published b56591fc6ac5a4be79c50276c852b1bcdb1110cdc5851b62d6b207f9a857b723:current_account-current_region
[84%] start: Publishing 267ee2b42557489195406d74f30103325942e372718394c680804b940a1d1d2d:current_account-current_region
[92%] success: Published 267ee2b42557489195406d74f30103325942e372718394c680804b940a1d1d2d:current_account-current_region
[92%] start: Publishing 44692731cceaa457073cb1adf697962b9aabf1682c976d725cd0f9831fdb493b:current_account-current_region
[100%] success: Published 44692731cceaa457073cb1adf697962b9aabf1682c976d725cd0f9831fdb493b:current_account-current_region
stack: creating CloudFormation changeset...
[··························································] (0/70)

11:03:08 AM | CREATE_IN_PROGRESS   | AWS::CloudFormation::Stack       | stack
11:03:42 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsDEL
ETE/ServiceRole
11:03:42 AM | CREATE_IN_PROGRESS   | AWS::CDK::Metadata               | CDKMeta
data/Default
11:03:42 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | videosP
OSTvideo_id/ServiceRole
11:03:42 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | job_pro
cessing/Role
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsPOS
[█▋························································] (2/70)

11:03:08 AM | CREATE_IN_PROGRESS   | AWS::CloudFormation::Stack       | stack
11:03:42 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsDEL
ETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsPOS
T/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | api/CloudWatchRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | videosD
ELETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsGET
[█▋························································] (2/70)

11:03:08 AM | CREATE_IN_PROGRESS   | AWS::CloudFormation::Stack       | SniprCd
kStack
11:03:42 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsDEL
ETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsPOS
T/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | api/CloudWatchRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | videosD
ELETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsGET
/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | process
[███▎······················································] (4/70)

11:03:08 AM | CREATE_IN_PROGRESS   | AWS::CloudFormation::Stack       | stack
11:03:49 AM | CREATE_FAILED        | AWS::ApiGateway::Authorizer      | apiAuth
orizer
Resource handler returned message: "Invalid lambda function (Service: ApiGatewa
y, Status Code: 400, Request ID: 11647356-1231-436e-a12d-fba981480fa0, Extended
Request ID: null)" (RequestToken: 05331070-96b2-5d6d-5980-fea5af68b6ef, Handler
ErrorCode: AlreadyExists)


[███▎······················································] (4/70)

11:03:49 AM | CREATE_FAILED        | AWS::ApiGateway::Authorizer      | apiAuth
orizer
Resource handler returned message: "Invalid lambda function (Service: ApiGatewa
y, Status Code: 400, Request ID: 11647356-1231-436e-a12d-fba981480fa0, Extended
Request ID: null)" (RequestToken: 05331070-96b2-5d6d-5980-fea5af68b6ef, Handler
ErrorCode: AlreadyExists)
11:03:51 AM | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack       | stack

The following resource(s) failed to create: [apiCloudWatchRoleC6C2D749, jo
bsDELETEServiceRole0C5D10A6, initiateprocessingServiceRole7BED0381, getprocessi
ngstatusServiceRole0D15F29B, videosGETvideoidServiceRoleC34CF15F, videosDELETES
erviceRole1FFE92AA, authorizerFunctionServiceRoleE6AAF541, processkeywordsServi
ceRoleFA27296D, jobsGETServiceRoleF105C519, jobsPOSTServiceRoleD3CEA40B, apiAut
[███▎······················································] (4/70)

I'm attempting to add a Lambda authorizer to my REST API in the AWS CDK.

    const api = new apigw.RestApi(this, 'apiname', {
      defaultCorsPreflightOptions: {
        allowOrigins: apigw.Cors.ALL_ORIGINS
      }
    });

    const authorizerFunction = new lambda.Function(this, "authorizerFunction", {
      runtime: lambda.Runtime.PYTHON_3_7,
      handler: "lambda_function.lambda_handler",
      code: lambda.Code.fromAsset("lambda/authorizer"), 
      architecture: lambda.Architecture.X86_64,
      environment: db_env,
      layers:[psycopg2]
    });

    const apiAuthorizer = new apigw.CfnAuthorizer(this, 'apiAuthorizer', {
      name: 'apiAuthorizer',
      restApiId: api.restApiId,
      type: 'TOKEN',
      authorizerResultTtlInSeconds:0,
      identitySource: 'method.request.header.Authorization',
      authorizerUri:'arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/${authorizerFunction.functionArn}/invocations'
    });
    const auth = {authorizationType: apigw.AuthorizationType.CUSTOM, authorizer:{authorizerId: apiAuthorizer.attrAuthorizerId}}

...
    // The same parameters for every new method
    videos.addMethod('GET', new apigw.LambdaIntegration(videosGET, {proxy:true}), auth);

No errors pop up in the IDE, the Lambda function has no errors, and the app bootstraps fine. However, when deploying, the following error shows up:

apiAuthorizer Resource handler returned message: "Invalid lambda function (Service: ApiGateway, Status Code: 400, Request ID: asdfasdfdafsd, Extended Request ID: null)" (RequestToken: fadsfasdfdasfds, HandlerErrorCode: AlreadyExists)

Does anybody have any insight as to why this is happening? This is the only instance of this lambda function or id anywhere in the document, I have been banging my head against the wall for days and am running out of options. Thank you very much!

Log:

✨  Synthesis time: 3.22s

current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-lookup-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
(To get rid of this warning, please upgrade to bootstrap version >= 8)
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-deploy-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
stack: deploying...
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-deploy-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
[0%] start: Publishing 97a39e50dc5a7b919754b7f8e605cd4e9d15f49977e1a5107ac03c064a3cb217:current_account-current_region
current credentials could not be used to assume 'arn:aws:iam::account_num:role/cdk-hnb659fds-file-publishing-role-account_num-us-east-1', but are for the right account. Proceeding anyway.
[7%] success: Published 97a39e50dc5a7b919754b7f8e605cd4e9d15f49977e1a5107ac03c064a3cb217:current_account-current_region
[7%] start: Publishing b2ebdbbab148e87676b6d14b657bf8fadf12d7f232588789baae1222218a3581:current_account-current_region
[15%] success: Published b2ebdbbab148e87676b6d14b657bf8fadf12d7f232588789baae1222218a3581:current_account-current_region
[15%] start: Publishing 67c32e703c1fcd33bf2b9291f317cb2f7be41fbe8d9a4379730799473c252b04:current_account-current_region
[23%] success: Published 67c32e703c1fcd33bf2b9291f317cb2f7be41fbe8d9a4379730799473c252b04:current_account-current_region
[23%] start: Publishing 2ef1a148088a2b5a315ad35aad59e4af0b1c08b98200fdf0929ba95287ee6ce5:current_account-current_region
[30%] success: Published 2ef1a148088a2b5a315ad35aad59e4af0b1c08b98200fdf0929ba95287ee6ce5:current_account-current_region
[30%] start: Publishing cad80074c492c1ea50399558f50f858e2d0e9ac90e1b4ad7ac109df0a2958a8a:current_account-current_region
[38%] success: Published cad80074c492c1ea50399558f50f858e2d0e9ac90e1b4ad7ac109df0a2958a8a:current_account-current_region
[38%] start: Publishing 6ef219049e232514e013788f0058412a730d86012227431aef2d1ab6f8c739bf:current_account-current_region
[46%] success: Published 6ef219049e232514e013788f0058412a730d86012227431aef2d1ab6f8c739bf:current_account-current_region
[46%] start: Publishing c060a4ac2428713dd0429976f19d01689cdbed20829405e999462d4b5334db70:current_account-current_region
[53%] success: Published c060a4ac2428713dd0429976f19d01689cdbed20829405e999462d4b5334db70:current_account-current_region
[53%] start: Publishing df2c8d783eac0311e9f0bdd4cc62b80e7ad03137e7ca44b6f7af6196f1dceffb:current_account-current_region
[61%] success: Published df2c8d783eac0311e9f0bdd4cc62b80e7ad03137e7ca44b6f7af6196f1dceffb:current_account-current_region
[61%] start: Publishing 1a495f5e7c52f2b689c3a3aa6c40cb9b89d8e897ed865efb4d2066cf61151bb7:current_account-current_region
[69%] success: Published 1a495f5e7c52f2b689c3a3aa6c40cb9b89d8e897ed865efb4d2066cf61151bb7:current_account-current_region
[69%] start: Publishing c232c99bbc9150c88cb39eca0ae34e8a6491f31839670dcc41a692afbbd754e1:current_account-current_region
[76%] success: Published c232c99bbc9150c88cb39eca0ae34e8a6491f31839670dcc41a692afbbd754e1:current_account-current_region
[76%] start: Publishing b56591fc6ac5a4be79c50276c852b1bcdb1110cdc5851b62d6b207f9a857b723:current_account-current_region
[84%] success: Published b56591fc6ac5a4be79c50276c852b1bcdb1110cdc5851b62d6b207f9a857b723:current_account-current_region
[84%] start: Publishing 267ee2b42557489195406d74f30103325942e372718394c680804b940a1d1d2d:current_account-current_region
[92%] success: Published 267ee2b42557489195406d74f30103325942e372718394c680804b940a1d1d2d:current_account-current_region
[92%] start: Publishing 44692731cceaa457073cb1adf697962b9aabf1682c976d725cd0f9831fdb493b:current_account-current_region
[100%] success: Published 44692731cceaa457073cb1adf697962b9aabf1682c976d725cd0f9831fdb493b:current_account-current_region
stack: creating CloudFormation changeset...
[··························································] (0/70)

11:03:08 AM | CREATE_IN_PROGRESS   | AWS::CloudFormation::Stack       | stack
11:03:42 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsDEL
ETE/ServiceRole
11:03:42 AM | CREATE_IN_PROGRESS   | AWS::CDK::Metadata               | CDKMeta
data/Default
11:03:42 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | videosP
OSTvideo_id/ServiceRole
11:03:42 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | job_pro
cessing/Role
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsPOS
[█▋························································] (2/70)

11:03:08 AM | CREATE_IN_PROGRESS   | AWS::CloudFormation::Stack       | stack
11:03:42 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsDEL
ETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsPOS
T/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | api/CloudWatchRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | videosD
ELETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsGET
[█▋························································] (2/70)

11:03:08 AM | CREATE_IN_PROGRESS   | AWS::CloudFormation::Stack       | SniprCd
kStack
11:03:42 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsDEL
ETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsPOS
T/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | api/CloudWatchRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | videosD
ELETE/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | jobsGET
/ServiceRole
11:03:43 AM | CREATE_IN_PROGRESS   | AWS::IAM::Role                   | process
[███▎······················································] (4/70)

11:03:08 AM | CREATE_IN_PROGRESS   | AWS::CloudFormation::Stack       | stack
11:03:49 AM | CREATE_FAILED        | AWS::ApiGateway::Authorizer      | apiAuth
orizer
Resource handler returned message: "Invalid lambda function (Service: ApiGatewa
y, Status Code: 400, Request ID: 11647356-1231-436e-a12d-fba981480fa0, Extended
Request ID: null)" (RequestToken: 05331070-96b2-5d6d-5980-fea5af68b6ef, Handler
ErrorCode: AlreadyExists)


[███▎······················································] (4/70)

11:03:49 AM | CREATE_FAILED        | AWS::ApiGateway::Authorizer      | apiAuth
orizer
Resource handler returned message: "Invalid lambda function (Service: ApiGatewa
y, Status Code: 400, Request ID: 11647356-1231-436e-a12d-fba981480fa0, Extended
Request ID: null)" (RequestToken: 05331070-96b2-5d6d-5980-fea5af68b6ef, Handler
ErrorCode: AlreadyExists)
11:03:51 AM | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack       | stack

The following resource(s) failed to create: [apiCloudWatchRoleC6C2D749, jo
bsDELETEServiceRole0C5D10A6, initiateprocessingServiceRole7BED0381, getprocessi
ngstatusServiceRole0D15F29B, videosGETvideoidServiceRoleC34CF15F, videosDELETES
erviceRole1FFE92AA, authorizerFunctionServiceRoleE6AAF541, processkeywordsServi
ceRoleFA27296D, jobsGETServiceRoleF105C519, jobsPOSTServiceRoleD3CEA40B, apiAut
[███▎······················································] (4/70)

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

鸵鸟症 2025-01-17 11:24:20

最终通过使用完全不同的构造解决了该问题。从来没有弄清楚为什么会出现这个错误。

    const auth = new apigw.TokenAuthorizer(this, 'apiAuthorizer', {
      handler: authorizerFunction,
      authorizerName: "authorizer",
      resultsCacheTtl:Duration.minutes(1)
    });

Ended up fixing the issue by using a different construct entirely. Never figured out why it was giving that error.

    const auth = new apigw.TokenAuthorizer(this, 'apiAuthorizer', {
      handler: authorizerFunction,
      authorizerName: "authorizer",
      resultsCacheTtl:Duration.minutes(1)
    });
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文