Unable to list events: resource = list(event['detail']['requestParameters']['evaluations'])[0]

Problem description

When I try to list S3 events I get the following error.

Response:
{
  "errorMessage": "'detail'",
  "errorType": "KeyError",
  "stackTrace": [
    [
      "/var/task/lambda_function.py",
      30,
      "lambda_handler",
      "resource = list(event['detail']['requestParameters']['evaluations'])[0]"
    ]
  ]
}

Request ID:
"6ee059f2-556c-4483-a45f-f90238ed727e"

Function Logs:
START RequestId: 6ee059f2-556c-4483-a45f-f90238ed727e Version: $LATEST
'detail': KeyError
Traceback (most recent call last):
  File "/var/task/lambda_function.py", line 30, in lambda_handler
    resource = list(event['detail']['requestParameters']['evaluations'])[0]
KeyError: 'detail'

END RequestId: 6ee059f2-556c-4483-a45f-f90238ed727e
REPORT RequestId: 6ee059f2-556c-4483-a45f-f90238ed727e  Duration: 1491.42 ms    Billed Duration: 1500 ms    Memory Size: 128 MB Max Memory Used: 74 MB  Init Duration: 165.73 ms

Code:

    import boto3
    from botocore.exceptions import ClientError
    import json
    import os

    # Annotation strings attached to the compliance evaluation
    ACL_RD_WARNING = "The S3 bucket ACL allows public read access."
    PLCY_RD_WARNING = "The S3 bucket policy allows public read access."
    ACL_WRT_WARNING = "The S3 bucket ACL allows public write access."
    PLCY_WRT_WARNING = "The S3 bucket policy allows public write access."
    RD_COMBO_WARNING = ACL_RD_WARNING + PLCY_RD_WARNING
    WRT_COMBO_WARNING = ACL_WRT_WARNING + PLCY_WRT_WARNING

    def policyNotifier(bucketName, s3client):
        try:
            bucketPolicy = s3client.get_bucket_policy(Bucket = bucketName)
            # notify that the bucket policy may need to be reviewed due to security concerns
            sns = boto3.client('sns')
            subject = "Potential compliance violation in " + bucketName + " bucket policy"
            message = "Potential bucket policy compliance violation. Please review: " + json.dumps(bucketPolicy['Policy'])
            # send SNS message with warning and bucket policy
            response = sns.publish(
                TopicArn = os.environ['TOPIC_ARN'],
                Subject = subject,
                Message = message
            )
        except ClientError as e:
            # error caught due to no bucket policy
            print("No bucket policy found; no alert sent.")

    def lambda_handler(event, context):
        # instantiate Amazon S3 client
        s3 = boto3.client('s3')
        resource = list(event['detail']['requestParameters']['evaluations'])[0]
        bucketName = resource['complianceResourceId']
        complianceFailure = event['detail']['requestParameters']['evaluations'][0]['annotation']
        if(complianceFailure == ACL_RD_WARNING or complianceFailure == ACL_WRT_WARNING):
            # public ACL: reset the bucket ACL to private
            s3.put_bucket_acl(Bucket = bucketName, ACL = 'private')
        elif(complianceFailure == PLCY_RD_WARNING or complianceFailure == PLCY_WRT_WARNING):
            # public bucket policy: send the policy for review
            policyNotifier(bucketName, s3)
        elif(complianceFailure == RD_COMBO_WARNING or complianceFailure == WRT_COMBO_WARNING):
            # both: reset the ACL and send the policy for review
            s3.put_bucket_acl(Bucket = bucketName, ACL = 'private')
            policyNotifier(bucketName, s3)
        return 0  # done

Code copied from https://aws.amazon.com/blogs/security/how-to-use-aws-config-to-monitor-for-and-respond-to-amazon-s3-buckets-allowing-public-access/

When I test the Lambda function, I get the above error.

New to Python. Please help me solve the problem.

Tags: python-3.x, amazon-s3, aws-lambda, boto3

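Solution

In your code, you assume that the following path always exists in event: event['detail']['requestParameters']['evaluations']. The error tells you that event does not actually contain the detail key.

What you should do is:

  1. Make sure your test event corresponds to the real event that you expect to trigger the Lambda
  2. If it does, print event first to see its structure:

    import json
    ...
    print(json.dumps(event, indent=2))

It is entirely possible that the event format has changed since the article was written in 2018.

  3. In any case, it is best to wrap that statement in a try ... except block to catch the KeyError and exit gracefully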
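
An added example (not part of the answer above or of the AWS blog code) showing the check the answer describes: the event is validated before any remediation runs, and an event of the wrong shape is logged and skipped instead of crashing the function. The names extract_evaluation, CONFIG_EVENT and GENERIC_TEST_EVENT, the bucket name, and both sample events are constructed for illustration.

```python
def extract_evaluation(event):
    """Return (bucket_name, annotation) from the event, or None when the
    event does not have the shape the handler on this page expects."""
    try:
        evaluation = event["detail"]["requestParameters"]["evaluations"][0]
        return evaluation["complianceResourceId"], evaluation["annotation"]
    except (KeyError, IndexError, TypeError) as exc:
        # KeyError: a key is missing; IndexError: evaluations is empty;
        # TypeError: a level is not a dict/list (e.g. requestParameters is null).
        keys = list(event) if isinstance(event, dict) else type(event).__name__
        print(f"Skipping event with unexpected shape ({exc!r}); top-level keys: {keys}")
        return None

# Constructed sample: only the fields the handler reads, in the nesting it assumes.
CONFIG_EVENT = {
    "detail": {
        "requestParameters": {
            "evaluations": [{
                "complianceResourceId": "example-bucket",
                "annotation": "The S3 bucket ACL allows public read access.",
            }]
        }
    }
}

# Constructed sample: a generic test event with no 'detail' key,
# which reproduces the KeyError from the question.
GENERIC_TEST_EVENT = {"key1": "value1", "key2": "value2", "key3": "value3"}

def lambda_handler(event, context):
    parsed = extract_evaluation(event)
    if parsed is None:
        # Nothing is changed on any bucket for an event we cannot interpret.
        return {"status": "skipped"}
    bucket_name, annotation = parsed
    # The ACL / policy branches from the question's handler follow from here,
    # using bucket_name and annotation instead of indexing event again.
    return {"status": "ok", "bucket": bucket_name, "annotation": annotation}
```

The logged top-level keys show in CloudWatch Logs which kind of event actually reached the function, which is what step 2 of the answer asks you to look at.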
