时间戳

首页 > 解决方案 > 无法在 Nodejs 应用程序中检索 cloudWatch GetMetricData

node.js - 无法在 Nodejs 应用程序中检索 cloudWatch GetMetricData

问题描述

我需要在我的 AWS Lambda 的 Node.js 应用程序中获取 MetricData 在此处输入图像描述

收到错误:

AccessDenied: User: arn:aws:sts::123456789012:assumed-role/dev-rohit-ap-southeast-1-lambdaRole/dev-rohit-uploader is not authorized to perform: cloudwatch:GetMetricData\n    at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/query.js:50:29)\n    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)\n    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)\n    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14)\n    at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)\n    at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)\n    at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10\n    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)\n    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12)\n    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)

无服务器.yaml

- Effect: "Allow"
      Action:
        - "lambda:GetMetricData"
      Resource: arn:aws:lambda:${self:custom.region}:${self:custom.accountId}:function:${self:service}-${opt:stage}-uploader

获取指标数据函数

exports.getMetrics = async () => {
  const params = {
    EndTime: '2021-09-07T03:04:00Z',
    MetricDataQueries: [
      {
        Id: 'concurrencycount',
        Label: 'Average concurrency',
        MetricStat: {
          Metric: {
            Dimensions: [
              {
                Name: 'upload',
                Value: process.env.S3_UPLOAD_BUCKET
              },
            ],
            MetricName: 'Invocations',
            Namespace: 'AWS/Lambda'
          },
          Period: '300',
          Stat: 'Average',
          Unit: 'Count'
        },
        ReturnData: false
      },
    ],
    StartTime: '2021-09-07T03:01:00Z',
    //ScanBy: TimestampDescending
  };

  try {
    return await client().getMetricData(params).promise()
  } catch (error) {
    logger.error(error, 'Error getting metrics from Lambda Cloudwatch')
    throw error
  }
}

我尝试了什么:

  1. 更新 了 serverless.yaml 中的操作

    行动:

    • “云观察:GetMetricData”

  2. 将 ARN 更新为

    资源:arn:aws:lambda:${self:custom.region}:${self:custom.accountId}:function:${self:service}-${opt:stage}-uploader

  3. 更新

    资源:arn:aws:logs:${self:custom.region}:${self:custom.accountId}:log-group:/aws/lambda/${self:service}-${opt:stage}-uploader :*

没用。

资源: https ://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CloudWatch.html#getMetricData-property

有人可以帮帮我吗?

标签: node.jsaws-lambdaamazon-cloudwatchserverless-framework

解决方案

您必须将 Resource 设置为*并使用条件键来限制访问范围:

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-cw-condition-keys-namespace.html

因此,您的政策声明可能类似于:

- Effect: "Allow"
      Action:
        - "cloudwatch:GetMetricData"
      Resource: "*"
      Condition:
         StringEquals:
             "cloudwatch:namespace": "AWS/Lambda"

推荐阅读