为什么我的CloudWatch规则触发但不调用我的lambda功能?
我已经使用CDK创建了lambda函数。
在我的Java应用程序中,我通过编程方式创建一个CloudWatch事件规则,其目标通过其ARN指向该函数。
CloudWatch规则被触发,但未能调用lambda。当我手动将CloudWatch规则添加为AWS控制台的lambda触发器时,该函数确实会被调用。
CDK代码
private createPregameEventsLambda(props: InfraStackProps) {
const lambdaEnvVars = {
'Domain': props.stage,
'Region': props.region,
'ResourceNamePrefix': props.resourceNamePrefix
};
const pregameEventsLambda = new Lambda(this, "PregameEvents-Lambda", {
...props,
name: LambdaConfig.PREGAME_EVENTS_LAMBDA.name,
handler: LambdaConfig.PREGAME_EVENTS_LAMBDA.handler,
environment: {
variables: lambdaEnvVars
},
role: this.lambdaExecutionRole
}).getFunction()
}
Java应用程序:
public void createCloudWatchRule(final LiveEventIdRelationInfo info) {
final String smpId = info.getSmpId();
final Date date = new Date(startTime);
final Calendar calendar = Calendar.getInstance();
calendar.setTime(date);
calendar.setTimeZone(TimeZone.getTimeZone("GMT+0"));
final String cronExpression = getCronExpression(calendar);
final PutRuleRequest putRuleRequest = new PutRuleRequest()
.withScheduleExpression(cronExpression)
.withName(ruleName);
cloudWatchEventClient.putRule(putRuleRequest);
final Target target = new Target()
.withId(LAMBDA_TARGET_ID)
.withArn(functionArn)
.withInput(jsonString);
final PutTargetsRequest putTargetsRequest = new PutTargetsRequest()
.withRule(ruleName)
.withTargets(target);
cloudWatchEventClient.putTargets(putTargetsRequest);
}
控制台显示创建的规则具有正确的lambda arn,但仍未被调用。
是否有 InvokeFunction 我需要添加到CDK代码的权限?
我是否缺少权限?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
不,这与您的CDK代码无关,因为您在CDK代码之外创建了一个新的EventBridge(CloudWatch)规则。您不是使用CDK创建规则,因此它不是正确的位置。
您的lambda功能缺少基于资源的IAM策略,该策略授予EventBridge&特别是您创建的规则,以调用它。
因为您正在创建规则& Target 通过编程,您还需要使用 在您的Java应用程序中。
除其他外,
addpermission允许您设置一个调用该功能的AWS资源的源ARN。这将是Eventbridge规则的Arn。这不是必需的 ,但是如果您未指定源,请注意,其他帐户可能会在其帐户中配置资源以调用您的lambda函数。因此,我建议始终设置源。
将上述应用于您的代码,
CloudWatchEventClient.putrule(putrulerequest);实际上将返回https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/eventbridge/eventbridge/model/model/putruleresponse.html“ rel =“ norofollow norefollow norefoller” >通过dulearn()方法,即捕获了此值后,创建&发送 授予必要的许可。
这应该使用Java 2.x的AWS SDK来工作:
如果您使用AWS SDK用于Java 1.x,则适用相同的概念 - 会有较小的语法差异,但会引用上述链接与V1 Docs,并且您'将能够轻松弄清楚。
No, this isn't related to your CDK code, since you're creating a new EventBridge (CloudWatch) rule outside of your CDK code. You're not creating the rule using the CDK so it's not the right place to look.
Your Lambda function is missing a resource-based IAM policy, which grants EventBridge & specifically your created rule, to invoke it.
Since you're creating the rule & target programmatically, you will also need to grant this permission programmatically using
AddPermission& theLambdaClientin your Java application.Among other things,
AddPermissionallows you to set a source ARN which is the ARN of the AWS resource that invokes the function. This would be the ARN of the EventBridge rule.This is not required however if you do not specify the source, do note that other accounts could potentially configure resources in their account to invoke your Lambda function. As such, I'd recommend always setting the source ARN.
Applying the above to your code,
cloudWatchEventClient.putRule(putRuleRequest);will actually return the ARN of the created rule in thePutRuleReponsevia theruleArn()method i.e.Once you have this value captured, create & send a
AddPermissionRequestto grant the necessary permission.This should work using the AWS SDK for Java 2.x:
If you're using AWS SDK for Java 1.x, the same concepts apply - there will be minor syntax differences but cross reference the above links with the v1 docs and you'll be able to easily figure it out.