I'm trying to delete an object from an S3 bucket, but no matter what I do the delete request always times out. I suspect I have either configured the permissions incorrectly or I'm using aws-sdk incorrectly.
Here is the Lambda function creation as I define it in aws-cdk:
this.appsyncS3LambdaResolver = new NodejsFunction(
  this,
  "appsyncS3LambdaResolver",
  {
    memorySize: 1024,
    handler: "handler",
    runtime: lambda.Runtime.NODEJS_14_X,
    timeout: cdk.Duration.seconds(5),
    entry: __dirname + "/../../lambda-fns/AppsyncS3LambdaResolver/index.ts",
    environment: {
      SECRET_NAME: props.rdsSecretName || "",
      SECRET_VALUE: props.rdsSecretValue || "",
      S3_BUCKET_NAME: props.s3bucket.bucketName,
      S3_BUCKET_URL: props.s3bucket.bucketWebsiteUrl,
    },
    bundling: {
      externalModules: ["aws-sdk"],
      nodeModules: ["pg"],
    },
    vpc: props.vpc,
    vpcSubnets: { subnetType: ec2.SubnetType.ISOLATED },
    securityGroups: [props.lambdaAccessToRDSSecurityGroup],
  }
);
// Give appsyncS3LambdaResolver access to put to S3 bucket (which enables it to make presigned urls)
// and delete
props.s3bucket.grantPut(this.appsyncS3LambdaResolver);
props.s3bucket.grantDelete(this.appsyncS3LambdaResolver);
Here is my S3 bucket creation:
this.s3bucket = new s3.Bucket(this, "s3-bucket", {
  // bucketName: 'my-bucket',
  removalPolicy: cdk.RemovalPolicy.DESTROY,
  autoDeleteObjects: true,
  versioned: false,
  publicReadAccess: false,
  encryption: s3.BucketEncryption.S3_MANAGED,
  cors: [
    {
      allowedMethods: [s3.HttpMethods.GET, s3.HttpMethods.PUT],
      allowedOrigins: props.isProd
        ? [] // tbd
        : ["http://localhost:3000", "http://localhost:3000/*"],
      allowedHeaders: ["*"],
    },
  ],
  lifecycleRules: [
    {
      abortIncompleteMultipartUploadAfter: cdk.Duration.days(90),
      expiration: cdk.Duration.days(365),
      transitions: [
        {
          storageClass: s3.StorageClass.INFREQUENT_ACCESS,
          transitionAfter: cdk.Duration.days(30),
        },
      ],
    },
  ],
});
this.s3bucket.addToResourcePolicy(
  new iam.PolicyStatement({
    sid: "allow deleting objects from s3 bucket /public/*",
    effect: iam.Effect.ALLOW,
    principals: [new iam.AnyPrincipal()],
    actions: ["s3:DeleteObject"],
    resources: [this.s3bucket.bucketArn + "/public/*"],
  })
);
And the actual Lambda function code that fails to delete:
import * as AWS from "aws-sdk";
const s3 = new AWS.S3();

// `result` is the pg query result and `reviewId` the review being deleted,
// both taken from the surrounding handler code.
for (let i = 0; i < result.rows[0].num_media; i++) {
  const params = {
    Bucket: process.env.S3_BUCKET_NAME,
    Key: `public/reviewmedia/${reviewId}/${i}`,
  };
  console.log("params:", params);
  const res = await s3.deleteObject(params).promise();
  console.log(res);
}
I have two permissions granting my Lambda function access to delete from the S3 bucket (s3bucket.grantDelete() and the policy on the S3 bucket), but neither of them seems to work. Here I have given my policy the equivalent of principal: "*", but that didn't fix it either. I'm not sure what is wrong with my configuration... I would really appreciate some suggestions.
Reply from a uj5u.com community member:
Timeout errors are usually related to connectivity problems.
If the Lambda runs in a VPC, make sure the associated SG allows outbound traffic, and check that the Lambda subnet has a route to S3 (through an IGW for a public subnet, a NAT Gateway / NAT instance for a private subnet, or an S3 VPC Endpoint, which connects privately to S3 without needing the options just mentioned).
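As an added check that is not part of the original thread, this TypeScript decides from the output of `aws ec2 describe-route-tables` whether a given subnet has any path to S3 at all; the ISOLATED subnets in the question will come back `none` until a gateway endpoint (`vpc.addGatewayEndpoint` with `ec2.GatewayVpcEndpointAwsService.S3` in CDK) or a NAT/IGW route is added. The route tables below are constructed sample data, and `s3PathForSubnet` is a hypothetical helper, not an AWS API.

```typescript
// Added example: classify how a subnet reaches S3 using the shape of
// `aws ec2 describe-route-tables` JSON (RouteTables[].Routes / Associations).
interface Route {
  DestinationCidrBlock?: string;
  DestinationPrefixListId?: string;
  GatewayId?: string;
  NatGatewayId?: string;
  State: string;
}
interface RouteTable {
  RouteTableId: string;
  Associations: { SubnetId?: string; Main?: boolean }[];
  Routes: Route[];
}

export type S3Path = "gateway-endpoint" | "nat-gateway" | "internet-gateway" | "none";

// Returns the path the subnet's route table provides to S3, or "none" (the
// isolated-subnet case from the question, where deleteObject() hangs until the
// Lambda timeout instead of failing fast with an access error).
export function s3PathForSubnet(tables: RouteTable[], subnetId: string): S3Path {
  // A subnet without an explicit association falls back to the VPC's main table.
  const explicit = tables.find((t) => t.Associations.some((a) => a.SubnetId === subnetId));
  const table = explicit ?? tables.find((t) => t.Associations.some((a) => a.Main));
  if (!table) return "none";
  for (const r of table.Routes) {
    if (r.State !== "active") continue;
    // An S3 gateway endpoint appears as a prefix-list route targeting vpce-*.
    if (r.DestinationPrefixListId && r.GatewayId?.startsWith("vpce-")) return "gateway-endpoint";
    if (r.DestinationCidrBlock === "0.0.0.0/0") {
      if (r.NatGatewayId) return "nat-gateway";
      if (r.GatewayId?.startsWith("igw-")) return "internet-gateway";
    }
  }
  return "none";
}

// Constructed sample: an isolated subnet with only the local route, and a
// subnet whose table carries an S3 gateway-endpoint route.
export const sampleRouteTables: RouteTable[] = [
  {
    RouteTableId: "rtb-isolated",
    Associations: [{ SubnetId: "subnet-isolated" }],
    Routes: [{ DestinationCidrBlock: "10.0.0.0/16", GatewayId: "local", State: "active" }],
  },
  {
    RouteTableId: "rtb-with-endpoint",
    Associations: [{ SubnetId: "subnet-fixed" }],
    Routes: [
      { DestinationCidrBlock: "10.0.0.0/16", GatewayId: "local", State: "active" },
      { DestinationPrefixListId: "pl-EXAMPLE", GatewayId: "vpce-EXAMPLE", State: "active" },
    ],
  },
];
```

With a gateway endpoint in place, the bucket's `grantDelete()` alone is sufficient for the Lambda role; the `AnyPrincipal` resource-policy statement adds nothing to connectivity and only widens who may delete under `/public/*`.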
Please credit the source when reposting; link to this article: https://www.uj5u.com/yidong/415551.html