I have the following main.tf, which creates an S3 bucket my-tf-test-bucket-12567 and an AWS Lambda function hasher_lambda:
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}

# The bucket whose object events should trigger the function
resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket-12567"
  acl    = "private"

  tags = {
    Name        = "My bucket"
    Environment = "Dev"
  }
}

# Package the handler source into the zip that Lambda deploys
data "archive_file" "lambda" {
  type        = "zip"
  source_file = "${path.module}/src/hash.py"
  output_path = "${path.module}/src/hash.py.zip"
}

# Execution role: only the trust policy so far, letting the Lambda service assume it
resource "aws_iam_role" "iam_for_lambda" {
  # add S3 inline policies for lambda to be able to read/write from/to S3 bucket
  name = "iam_for_lambda"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_lambda_function" "hasher_lambda" {
  filename      = data.archive_file.lambda.output_path
  function_name = "hasher_lambda"
  role          = aws_iam_role.iam_for_lambda.arn
  handler       = "hash.handler"
  runtime       = "python3.8"
}
How do I configure the AWS Lambda function in Terraform so that it is triggered by the S3 bucket my-tf-test-bucket-12567?
Reply from a uj5u.com user:
You probably need to create an aws_s3_bucket_notification and an aws_lambda_permission so that S3 events can invoke the function.
Lambda permission:
resource "aws_lambda_permission" "allow_bucket" {
  statement_id  = "AllowExecutionFromS3Bucket"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.hasher_lambda.arn
  principal     = "s3.amazonaws.com"
  # Restrict the grant to the bucket declared as aws_s3_bucket.b in the question
  source_arn    = aws_s3_bucket.b.arn
}
Bucket notification:
resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.b.id

  lambda_function {
    # The function declared as aws_lambda_function.hasher_lambda in the question
    lambda_function_arn = aws_lambda_function.hasher_lambda.arn
    events              = ["s3:ObjectCreated:*"]
  }

  # S3 validates the target when the notification is created, so the permission must exist first
  depends_on = [aws_lambda_permission.allow_bucket]
}
There are several event notification types that can cause the Lambda to be invoked. The full list can be found in the AWS documentation: source.
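The two resources the answer describes, assembled into one working fragment against the question's own resource names. This is an added example, not code from the question or the reply above. It assumes the bucket is aws_s3_bucket.b, the function is aws_lambda_function.hasher_lambda and the role is aws_iam_role.iam_for_lambda, exactly as declared in the question's main.tf; the "uploads/" prefix and the policy name are illustrative choices. It goes a little beyond the reply: the invoke permission is pinned to both the bucket ARN and the account, the trigger is narrowed to one prefix, and the execution policy the question's comment says the role still needs is filled in with only the permissions the function requires.

```hcl
# Added example (not from the question or the reply): S3 -> Lambda trigger
# plus a least-privilege execution policy, using the question's resource names.

data "aws_caller_identity" "current" {}

# Let S3 invoke the function, but only from this bucket in this account.
# source_arn alone matches any bucket with that name; source_account rules
# out a same-named bucket in another account.
resource "aws_lambda_permission" "allow_bucket" {
  statement_id   = "AllowExecutionFromS3Bucket"
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.hasher_lambda.function_name
  principal      = "s3.amazonaws.com"
  source_arn     = aws_s3_bucket.b.arn
  source_account = data.aws_caller_identity.current.account_id
}

# Fire only for new objects under uploads/ (assumed prefix). A bucket has a
# single notification configuration, so every trigger for this bucket must
# be declared in this one resource.
resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.b.id

  lambda_function {
    lambda_function_arn = aws_lambda_function.hasher_lambda.arn
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "uploads/"
  }

  # S3 checks that it may invoke the target when the notification is created.
  depends_on = [aws_lambda_permission.allow_bucket]
}

# Execution policy for the role: read the objects that triggered the
# function and write its CloudWatch logs. Scoped to the bucket and prefix
# rather than "*", so a bug in hash.py cannot reach other buckets.
resource "aws_iam_role_policy" "lambda_exec" {
  name = "hasher_lambda_exec"
  role = aws_iam_role.iam_for_lambda.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid      = "ReadTriggeringObjects"
        Effect   = "Allow"
        Action   = ["s3:GetObject"]
        Resource = "${aws_s3_bucket.b.arn}/uploads/*"
      },
      {
        Sid    = "WriteLogs"
        Effect = "Allow"
        Action = [
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:PutLogEvents",
        ]
        Resource = "arn:aws:logs:us-east-1:${data.aws_caller_identity.current.account_id}:log-group:/aws/lambda/hasher_lambda:*"
      },
    ]
  })
}
```

If the function should also write results (for example the computed hash) back to the bucket, grant s3:PutObject on a different prefix than the one that triggers it: writing into uploads/ would produce a new ObjectCreated event and the function would invoke itself in a loop, which only stops when the concurrency limit or the bill does.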
Please credit the source when reposting; link to this article: https://www.uj5u.com/qiye/346012.html
