Serverless S3 bucket events with default encryption enabled in the template

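Problem description

According to https://serverless.com/framework/docs/providers/aws/events/s3/ I can create an S3 bucket in a serverless template that fires an event when a jpg file is put into the uploads directory. Great!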

functions:
  users:
    handler: users.handler
    events:
      - s3:
          bucket: photos
          event: s3:ObjectCreated:*
          rules:
            - prefix: uploads/
            - suffix: .jpg

Another example is given for when you add custom S3 bucket properties. Also great!

functions:
  resize:
    handler: resize.handler
    events:
      - s3: photos

resources:
  Resources:
    S3BucketPhotos:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: my-custom-bucket-name
    ResizeLambdaPermissionPhotosS3:
      Type: "AWS::Lambda::Permission"
      Properties:
        FunctionName:
          "Fn::GetAtt":
            - ResizeLambdaFunction
            - Arn
        Principal: "s3.amazonaws.com"
        Action: "lambda:InvokeFunction"
        SourceAccount:
          Ref: AWS::AccountId
        SourceArn: "arn:aws:s3:::my-custom-bucket-name"

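If I want to add default encryption to that bucket, I need to create the bucket in the resources section of the template and reference it in the event handler. OK, I can do that.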

functions:
  resize:
    handler: resize.handler
    events:
      - s3: photos

resources:
  Resources:
    S3BucketPhotos:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: my-custom-bucket-name
        BucketEncryption:
          ServerSideEncryptionConfiguration:
            - ServerSideEncryptionByDefault:
                SSEAlgorithm: AES256

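But now I am stuck on how to specify the event and the rules (prefix and file type) that should trigger the handler. I can't add them to the resize handler block, and I am having trouble searching the documentation for an answer.

Tags: amazon-web-services, amazon-s3, serverless-framework, serverless

Solution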


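"I can't add them to the resize handler block"

I believe you can. Declaring the bucket in the resources section does not take away your ability to specify rules in the handler's S3 event.

Complete example for testing: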

functions:
  resize:
    handler: handler.s3EventProcessor
    events:
      - s3: 
          bucket: photos
          event: s3:ObjectCreated:*
          rules:
            - prefix: uploads/
            - suffix: .jpg          
resources:
  Resources:
    S3BucketPhotos:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:service}-${self:provider.stage}
        BucketEncryption:
          ServerSideEncryptionConfiguration:
            - ServerSideEncryptionByDefault:
                SSEAlgorithm: AES256        
    ResizeLambdaPermissionPhotosS3:
      Type: "AWS::Lambda::Permission"
      Properties:
        FunctionName:
          "Fn::GetAtt":
            - ResizeLambdaFunction
            - Arn
        Principal: "s3.amazonaws.com"
        Action: "lambda:InvokeFunction"
        SourceAccount:
          Ref: AWS::AccountId
        SourceArn: "arn:aws:s3:::${self:service}-${self:provider.stage}"
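
One way to confirm that both the default encryption and the prefix/suffix rules end up on the same bucket is to audit the packaged CloudFormation template before deploying. This is an added example, not code from the question or the answer; the sample template is constructed, its merged shape is an assumption, and `audit_bucket` and `SAMPLE_TEMPLATE` are hypothetical names.

```python
import json

# Constructed sample, not real packaging output: the S3BucketPhotos resource as
# assumed after the s3 event and the custom resources block are merged.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {"S3BucketPhotos": {
  "Type": "AWS::S3::Bucket",
  "Properties": {
    "BucketName": "my-custom-bucket-name",
    "BucketEncryption": {"ServerSideEncryptionConfiguration": [
      {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
    "NotificationConfiguration": {"LambdaConfigurations": [
      {"Event": "s3:ObjectCreated:*",
       "Function": {"Fn::GetAtt": ["ResizeLambdaFunction", "Arn"]},
       "Filter": {"S3Key": {"Rules": [
         {"Name": "prefix", "Value": "uploads/"},
         {"Name": "suffix", "Value": ".jpg"}]}}}]}
  }}}}
""")

SSE_ALGORITHMS = {"AES256", "aws:kms", "aws:kms:dsse"}


def audit_bucket(template, logical_id):
    """Return findings for one bucket resource; an empty list means it passed."""
    resource = template.get("Resources", {}).get(logical_id, {})
    if resource.get("Type") != "AWS::S3::Bucket":
        return [f"{logical_id}: not an AWS::S3::Bucket resource"]
    props = resource.get("Properties", {})
    findings = []
    # Default encryption must survive the merge with the generated bucket.
    sse = props.get("BucketEncryption", {}).get("ServerSideEncryptionConfiguration", [])
    algos = {r.get("ServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in sse}
    if not algos & SSE_ALGORITHMS:
        findings.append(f"{logical_id}: no default encryption")
    # Every Lambda trigger must still carry both key filters (prefix and suffix).
    triggers = props.get("NotificationConfiguration", {}).get("LambdaConfigurations", [])
    if not triggers:
        findings.append(f"{logical_id}: no Lambda notification")
    for cfg in triggers:
        rules = cfg.get("Filter", {}).get("S3Key", {}).get("Rules", [])
        names = {str(r.get("Name", "")).lower() for r in rules}
        missing = sorted({"prefix", "suffix"} - names)
        if missing:
            findings.append(f"{logical_id}: {cfg.get('Event')} lacks {missing} filter")
    return findings


if __name__ == "__main__":
    print(audit_bucket(SAMPLE_TEMPLATE, "S3BucketPhotos") or "OK")
```

To check a real project, load the JSON template written by `serverless package` in place of the constructed sample.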
