- 最新
- 最多得票
- 最多評論
when i correct resources like this sort out my issue
Resources:
DealPriceExcelConsumerQueue:
Type: AWS::SQS::Queue
Properties:
QueueName: DealPriceExcelConsumerQueue
RedrivePolicy:
deadLetterTargetArn: !GetAtt DealPriceExcelConsumerDLQ.Arn
maxReceiveCount: 5
UpdateReplacePolicy: Snapshot
DealPriceExcelProducerDLQ:
Type: AWS::SQS::Queue
Properties:
QueueName: DealPriceExcelProducerDLQ
UpdateReplacePolicy: Snapshot
DealPriceExcelConsumerDLQ:
Type: AWS::SQS::Queue
Properties:
QueueName: DealPriceExcelConsumerDLQ
UpdateReplacePolicy: Snapshot
DealPriceExcelConsumerQueuePolicy:
Type: AWS::SQS::QueuePolicy
Properties:
Queues:
- !Ref DealPriceExcelConsumerQueue
- !Ref DealPriceExcelConsumerDLQ
- !Ref DealPriceExcelProducerDLQ
PolicyDocument:
Statement:
- Effect: Allow
Action:
- 'sqs:DeleteMessage'
- 'sqs:GetQueueAttributes'
- 'sqs:ReceiveMessage'
- 'sqs:SendMessage'
- 'logs:CreateLogGroup'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: 'arn:aws:sqs:eu-west-2:${AWS::AccountId}:DealPriceExcelConsumerQueue'
- Effect: Allow
Action:
- 'sqs:DeleteMessage'
- 'sqs:GetQueueAttributes'
- 'sqs:ReceiveMessage'
- 'sqs:SendMessage'
- 'logs:CreateLogGroup'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: 'arn:aws:sqs:eu-west-2:${AWS::AccountId}:DealPriceExcelUploadConsumersDlq'
- Effect: Allow
Action:
- 'sqs:DeleteMessage'
- 'sqs:GetQueueAttributes'
- 'sqs:ReceiveMessage'
- 'sqs:SendMessage'
- 'logs:CreateLogGroup'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: 'arn:aws:sqs:eu-west-2:${AWS::AccountId}:DealPriceExcelProducerDLQ'
DealPriceExcelEventTriggerPolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: DealPriceExcelEventTriggerPolicy
PolicyDocument:
Statement:
- Effect: Allow
Action:
- logs:PutLogEvents
- logs:CreateLogGroup
- logs:CreateLogStream
Resource: 'arn:aws:logs:*:*:*'
- Effect: Allow
Action:
- s3:GetObject
Resource: 'arn:aws:s3:::${self:custom.bucketName}/*'
Roles:
- !Ref DealPriceExcelExecutionRole
DealPriceExcelExecutionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
- sqs.amazonaws.com
- s3.amazonaws.com
Action:
- sts:AssumeRole
Policies:
- PolicyName: DealPriceExcelEventTriggerPolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- logs:PutLogEvents
- logs:CreateLogGroup
- logs:CreateLogStream
Resource: 'arn:aws:logs:*:*:*'
- Effect: Allow
Action:
- s3:GetObject
Resource: 'arn:aws:s3:::${self:custom.bucketName}/*'
- PolicyName: SQSPolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- lambda:CreateEventSourceMapping
- lambda:ListEventSourceMappings
- lambda:ListFunctions
- sqs:DeleteMessage
- sqs:GetQueueAttributes
- sqs:ReceiveMessage
- sqs:SendMessage
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: "*"
DealPriceExcelUploadProducerFunction:
Type: AWS::Lambda::Function
Properties:
Role: !GetAtt DealPriceExcelExecutionRole.Arn
Runtime: nodejs18.x
FunctionName: DealPriceExcelUploadProducerFunction
Handler: index.handler
DeadLetterConfig:
TargetArn: !GetAtt DealPriceExcelProducerDLQ.Arn
Environment:
Variables:
producerQueueUrl: !Ref DealPriceExcelConsumerQueue
producerDlQueueUrl: !Ref DealPriceExcelProducerDLQ
Code:
ZipFile: |
import { S3Client } from "@aws-sdk/client-s3";
import { SQS } from "@aws-sdk/client-sqs";
const region = process.env.AWS_REGION ??"eu-west-2";
const s3 = new S3Client({ region: region });
const sqs = new SQS({ apiVersion: "2012-11-05",region:region });
const producerQueueUrl = process.env.producerQueueUrl;
const producerDlQueueUrl = process.env.producerDlQueueUrl;
export const handler = async (event): Promise<string | undefined> => {
for (const record of event.Records) {
let retryCount = 0;
const maxRetries = 5;
while (retryCount <= maxRetries) {
try {
await ProcessEvent(record,producerQueueUrl);
retryCount = 0;
return event;
} catch (err) {
if (retryCount == maxRetries) {
AddToDlq(record);
return event;
}
retryCount++;
}
}
};
return event;
};
const ProcessEvent = async (
record,
queueUrl:string
) => {
const bucket = record.s3.bucket.name;
const key = decodeURIComponent(record.s3.object.key.replace(/\+/g, " "));
const payload = {
Bucket: bucket,
Key: key,
};
const messageBody = JSON.stringify(payload);
await sqs.sendMessage({
MessageBody: messageBody,
QueueUrl: queueUrl
});
};
const AddToDlq= async( record)=>{
await ProcessEvent(record, producerDlQueueUrl);
};
Hello.
Judging from the content of the error, it appears that there is a problem with the syntax of the IAM policy.
However, looking at the template, there didn't seem to be any problems with the syntax.
It may not matter much, but why not try changing all double quotes to single quotes?
I have had experience of resolving errors using it in the past.
Also, Check which resources are causing creation errors directly from the CloudFormation stack screen.
It looks like you are using the Serverless Framework. In your functions
, section try using ${aws:accountId}
rather than ${AWS::AccountId}
in your ARN references. That is the Serverless native way to substitute the current account ID[1]. The functions
section is not CloudFormation, so I do not believe that the CloudFormation pseudo-parameter ${AWS::AccountId}
can be used.
[1] https://www.serverless.com/framework/docs-providers-aws-guide-variables
not sorted the issue here i have to configure all permission using cloudformation template
相關內容
- AWS 官方已更新 1 年前
- AWS 官方已更新 7 個月前
the issue not sorted