为什么在使用无服务器-Appsync-Plugin部署时会遇到权限错误?
我正在尝试学习如何使用Serverless.com的AWS AppSync插件。
当我尝试部署时,我会遇到错误:
Error:
CREATE_FAILED: GraphQlApi (AWS::AppSync::GraphQLApi)
User: arn:aws:iam::705076103456:user/cloud_user is not authorized to perform: appsync:TagResource on resource: arn:aws:appsync:us-east-1:705076103456:* with an explicit deny (Service: AWSAppSync; Status Code: 403; Error Code: AccessDeniedException; Request ID: 7695c105-653f-4bff-9b73-05c640d6e2b4; Proxy: null)
插件文档提及需要明确提供部署的权限的任何内容,因此我认为我的无服务器有问题
service: daveh-football-api
provider:
name: aws
deploymentBucket:
name: daveh-mindgym-football-api2
serverSideEncryption: AES256
stage: ${opt:stage, 'local'}
runtime: nodejs14.x
logs:
restApi: true
tracing:
apiGateway: true
lambda: true
region: us-east-1
profile: acloudguru
apiGateway:
shouldStartNameWithService: true
plugins:
- serverless-deployment-bucket
- serverless-webpack
# - serverless-domain-manager
- serverless-offline
- serverless-plugin-stage-variables
- serverless-appsync-plugin
custom:
appSync:
authenticationType: API_KEY
mappingTemplates:
- type: Query
request: false
response: false
dataSource: query
field: hello
dataSources:
- type: AWS_LAMBDA
name: query
config:
functionName: query
apiKeys:
- name: myapikey
description: 'My api key'
expiresAfter: 30d
functions:
ping:
handler: src/rest-handler.handler
events:
- http:
method: GET
path: ping
query:
handler: src/query-handler.handler
resources:
Resources:
GatewayResponseDefault4XX:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
ResponseType: DEFAULT_4XX
RestApiId:
Ref: 'ApiGatewayRestApi'
GatewayResponseDefault5XX:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
ResponseType: DEFAULT_5XX
RestApiId:
Ref: 'ApiGatewayRestApi'
。在添加AppSync的内容之前,它已经很好地部署了。
这是我的软件包中的开发依赖性
"serverless": "^3.12.0",
"serverless-appsync-plugin": "^1.13.0",
"serverless-deployment-bucket": "^1.5.2",
"serverless-offline": "^8.5.0",
"serverless-plugin-stage-variables": "^1.10.1",
"serverless-webpack": "^5.7.0",
"ts-loader": "^9.2.8"
。我要做的就是立即获取“ Hello World” GraphQl。
I'm trying to learn how to use serverless.com's AWS AppSync plugin.
I get an error when I try to deploy:
Error:
CREATE_FAILED: GraphQlApi (AWS::AppSync::GraphQLApi)
User: arn:aws:iam::705076103456:user/cloud_user is not authorized to perform: appsync:TagResource on resource: arn:aws:appsync:us-east-1:705076103456:* with an explicit deny (Service: AWSAppSync; Status Code: 403; Error Code: AccessDeniedException; Request ID: 7695c105-653f-4bff-9b73-05c640d6e2b4; Proxy: null)
The plugin documentation doesn't mention anything about needing to explicitly provide permissions to deploy, so I assume there is something wrong with my serverless.yml:
service: daveh-football-api
provider:
name: aws
deploymentBucket:
name: daveh-mindgym-football-api2
serverSideEncryption: AES256
stage: ${opt:stage, 'local'}
runtime: nodejs14.x
logs:
restApi: true
tracing:
apiGateway: true
lambda: true
region: us-east-1
profile: acloudguru
apiGateway:
shouldStartNameWithService: true
plugins:
- serverless-deployment-bucket
- serverless-webpack
# - serverless-domain-manager
- serverless-offline
- serverless-plugin-stage-variables
- serverless-appsync-plugin
custom:
appSync:
authenticationType: API_KEY
mappingTemplates:
- type: Query
request: false
response: false
dataSource: query
field: hello
dataSources:
- type: AWS_LAMBDA
name: query
config:
functionName: query
apiKeys:
- name: myapikey
description: 'My api key'
expiresAfter: 30d
functions:
ping:
handler: src/rest-handler.handler
events:
- http:
method: GET
path: ping
query:
handler: src/query-handler.handler
resources:
Resources:
GatewayResponseDefault4XX:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
ResponseType: DEFAULT_4XX
RestApiId:
Ref: 'ApiGatewayRestApi'
GatewayResponseDefault5XX:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
ResponseType: DEFAULT_5XX
RestApiId:
Ref: 'ApiGatewayRestApi'
There's also a rest endpoint defined in this serverless.yml. Before I added the AppSync stuff, it deployed fine.
Here are the dev dependencies from my package.json:
"serverless": "^3.12.0",
"serverless-appsync-plugin": "^1.13.0",
"serverless-deployment-bucket": "^1.5.2",
"serverless-offline": "^8.5.0",
"serverless-plugin-stage-variables": "^1.10.1",
"serverless-webpack": "^5.7.0",
"ts-loader": "^9.2.8"
Any ideas what I'm missing? All I'm trying to do is get a "hello world" graphql thing deployed right now.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论