python - AWS Lambda invoked from CodePipeline: permission denied error
Problem description
I have set up a pipeline to invoke an AWS Lambda function. After running for 30 minutes it shows the error
The AWS Lambda function cloudfront-invalidation failed to return a result. Check the function to verify that it has permission to call the PutJobSuccessResult action and that it called PutJobSuccessResult.
The Lambda role has permission for PutJobSuccessResult, and the CodePipeline service role has permission to invoke the Lambda function.
Here is my Lambda code:
import boto3
import time

# Note: the Lambda runtime calls the handler as handler(event, context); this
# signature receives them in the opposite order, so `event` below is actually
# the context object and the CodePipeline job id lookup at the end fails.
def lambda_handler(context, event):
    # Assume a role in the account that owns the CloudFront distribution
    sts_connection = boto3.client('sts')
    acct_b = sts_connection.assume_role(
        RoleArn="arn:aws:iam::1234567890:role/AssumeRole",
        RoleSessionName="cross_acct_lambda"
    )
    ACCESS_KEY = acct_b['Credentials']['AccessKeyId']
    SECRET_KEY = acct_b['Credentials']['SecretAccessKey']
    SESSION_TOKEN = acct_b['Credentials']['SessionToken']
    # CloudFront client using the temporary cross-account credentials
    client = boto3.client(
        'cloudfront',
        aws_access_key_id=ACCESS_KEY,
        aws_secret_access_key=SECRET_KEY,
        aws_session_token=SESSION_TOKEN,
    )
    # Invalidate every path on the distribution
    response = client.create_invalidation(
        DistributionId='ABC',
        InvalidationBatch={
            'Paths': {
                'Quantity': 1,
                'Items': [
                    '/*',
                ]
            },
            'CallerReference': str(time.time()).replace(".", "")
        }
    )
    invalidation_id = response['Invalidation']['Id']
    print("Invalidation created successfully with Id: " + invalidation_id)
    # Report success back to CodePipeline for this job
    pipeline = boto3.client('codepipeline')
    response = pipeline.put_job_success_result(
        jobId=event['CodePipeline.job']['id']
    )
    return response
Solution
The problem is solved. The updated Lambda is below:
import boto3
import time
import json
import logging

# Handler signature now matches the order the Lambda runtime uses: (event, context)
def lambda_handler(event, context):
    # Assume a role in the account that owns the CloudFront distribution
    sts_connection = boto3.client('sts')
    acct_b = sts_connection.assume_role(
        RoleArn="arn:aws:iam::123456789:role/CloudfrontAssumeRole",
        RoleSessionName="cross_acct_lambda"
    )
    ACCESS_KEY = acct_b['Credentials']['AccessKeyId']
    SECRET_KEY = acct_b['Credentials']['SecretAccessKey']
    SESSION_TOKEN = acct_b['Credentials']['SessionToken']
    # CloudFront client using the temporary cross-account credentials
    client = boto3.client(
        'cloudfront',
        aws_access_key_id=ACCESS_KEY,
        aws_secret_access_key=SECRET_KEY,
        aws_session_token=SESSION_TOKEN,
    )
    # Invalidate every path on the distribution
    response = client.create_invalidation(
        DistributionId='ABCD',
        InvalidationBatch={
            'Paths': {
                'Quantity': 1,
                'Items': [
                    '/*',
                ]
            },
            'CallerReference': str(time.time()).replace(".", "")
        }
    )
    invalidation_id = response['Invalidation']['Id']
    print("Invalidation created successfully with Id: " + invalidation_id)

    logger = logging.getLogger()
    logger.setLevel(logging.INFO)
    logger.debug(json.dumps(event))

    # Report the job result back to CodePipeline; on any error report a failure
    # instead of leaving the job waiting until the action times out
    codepipeline = boto3.client('codepipeline')
    job_id = event['CodePipeline.job']['id']
    try:
        logger.info('Success!')
        response = codepipeline.put_job_success_result(jobId=job_id)
        logger.debug(response)
    except Exception as error:
        logger.exception(error)
        response = codepipeline.put_job_failure_result(
            jobId=job_id,
            failureDetails={
                'type': 'JobFailed',
                'message': f'{error.__class__.__name__}: {str(error)}'
            }
        )
        logger.debug(response)
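The following is an added example, not the poster's code and not an AWS sample. It goes one step beyond the answer above: the CloudFront call itself sits inside the try block, so a failed invalidation (for example a missing cloudfront:CreateInvalidation permission on the assumed role) is reported to CodePipeline with put_job_failure_result instead of leaving the job to wait for the 30-minute timeout, and an event that is not a CodePipeline job event (what the handler sees when the arguments are swapped) is rejected with a clear error. The boto3 clients are passed in as parameters, the role ARN and distribution ID are placeholders, and the FakeCloudFront, FakeCodePipeline classes and SAMPLE_EVENT are constructed here so both paths can be exercised offline; all of these are assumptions of this example.

```python
import logging
import uuid

try:
    import boto3  # only needed by the real entry point, lambda_handler
except ImportError:  # lets the module load offline, where only the fakes are used
    boto3 = None

logger = logging.getLogger()
logger.setLevel(logging.INFO)

# Constructed sample event in the shape CodePipeline sends to a Lambda action.
SAMPLE_EVENT = {"CodePipeline.job": {"id": "11111111-2222-3333-4444-555555555555"}}


def invalidate_and_report(event, cloudfront, codepipeline, distribution_id, paths=("/*",)):
    """Create a CloudFront invalidation and always report the outcome to CodePipeline.

    `cloudfront` and `codepipeline` are boto3-style clients supplied by the caller
    (an assumption of this example, so the logic can run against fakes).
    Returns a dict describing what was reported.
    """
    # Without a job id nothing can be reported, so fail loudly rather than leave
    # the pipeline waiting; this is the case when the handler receives the
    # context object where it expected the event.
    if not isinstance(event, dict) or "CodePipeline.job" not in event:
        raise TypeError("handler was not given a CodePipeline job event")
    job_id = event["CodePipeline.job"]["id"]
    try:
        response = cloudfront.create_invalidation(
            DistributionId=distribution_id,
            InvalidationBatch={
                "Paths": {"Quantity": len(paths), "Items": list(paths)},
                # uuid4 is unique per call; str(time.time()) can repeat on fast retries
                "CallerReference": str(uuid.uuid4()),
            },
        )
        invalidation_id = response["Invalidation"]["Id"]
        logger.info("invalidation %s created for %s", invalidation_id, distribution_id)
        codepipeline.put_job_success_result(jobId=job_id)
        return {"jobId": job_id, "status": "success", "invalidationId": invalidation_id}
    except Exception as error:  # any failure is reported, so the job never hangs
        logger.exception("invalidation failed for %s", distribution_id)
        message = f"{error.__class__.__name__}: {error}"
        codepipeline.put_job_failure_result(
            jobId=job_id,
            failureDetails={"type": "JobFailed", "message": message[:5000]},  # keep within the API's message limit
        )
        return {"jobId": job_id, "status": "failure", "message": message}


def lambda_handler(event, context):
    """Real entry point; the runtime passes (event, context) in this order."""
    creds = boto3.client("sts").assume_role(
        RoleArn="arn:aws:iam::000000000000:role/PLACEHOLDER-CloudfrontAssumeRole",  # placeholder
        RoleSessionName="cross_acct_lambda",
    )["Credentials"]
    cloudfront = boto3.client(
        "cloudfront",
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )
    # The CodePipeline client uses the function's own execution role, which needs
    # only codepipeline:PutJobSuccessResult and codepipeline:PutJobFailureResult.
    return invalidate_and_report(event, cloudfront, boto3.client("codepipeline"),
                                 distribution_id="PLACEHOLDER_DISTRIBUTION_ID")


# --- Fakes used to exercise both paths offline (constructed, not AWS objects) ---
class FakeCloudFront:
    def __init__(self, fail=False):
        self.fail = fail

    def create_invalidation(self, **kwargs):
        if self.fail:
            raise RuntimeError("AccessDenied: not authorized for cloudfront:CreateInvalidation")
        return {"Invalidation": {"Id": "I2EXAMPLE"}}


class FakeCodePipeline:
    def __init__(self):
        self.reported = []  # (kind, kwargs) for every result sent back

    def put_job_success_result(self, **kwargs):
        self.reported.append(("success", kwargs))
        return {}

    def put_job_failure_result(self, **kwargs):
        self.reported.append(("failure", kwargs))
        return {}


def run_demo(fail=False):
    """Run the handler logic against fakes; returns (result, what was reported)."""
    codepipeline = FakeCodePipeline()
    result = invalidate_and_report(SAMPLE_EVENT, FakeCloudFront(fail), codepipeline, "EXAMPLEDIST")
    return result, codepipeline.reported


def swapped_call_is_rejected():
    """True if passing a non-event object (the swapped-argument mistake) is caught early."""
    try:
        invalidate_and_report(object(), FakeCloudFront(), FakeCodePipeline(), "EXAMPLEDIST")
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    print(run_demo())
    print(run_demo(fail=True))
    print("swapped arguments rejected:", swapped_call_is_rejected())
```

The point of the injected clients is not only testability: the CodePipeline result call deliberately uses the function's own role, while only the CloudFront client uses the assumed cross-account credentials, so the assumed role needs no CodePipeline permissions at all.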