1. 首頁
  2. 問答
  3. AWS - 操作系統錯誤權限被拒絕Lambda腳本

AWS - 操作系統錯誤權限被拒絕Lambda腳本

2016-08-17 84 views
0

我試圖用導入的庫在Python中執行Lambda腳本,但是我收到了權限錯誤。 我也收到一些關於數據庫的警報,但是數據庫查詢在子進程後調用,所以我不認爲它們是相關的。有人可以解釋爲什麼我會得到錯誤嗎?AWS - 操作系統錯誤權限被拒絕Lambda腳本

警報信息

Alarm:Database-WriteCapacityUnitsLimit-BasicAlarm 
State changed to INSUFFICIENT_DATA at 2016/08/16. Reason: Unchecked: Initial alarm creation

LAMBDA錯誤

[Errno 13] Permission denied: OSError Traceback (most recent call last):File "/var/task/lambda_function.py", line 36, in lambda_handler  
xml_output = subprocess.check_output(["./mediainfo", "--full", "--output=XML", signed_url]) 
File "/usr/lib64/python2.7/subprocess.py", line 566, in check_output process = Popen(stdout=PIPE, *popenargs, **kwargs) 
File "/usr/lib64/python2.7/subprocess.py", line 710, in __init__ errread, errwrite) File "/usr/lib64/python2.7/subprocess.py", line 1335, in _execute_child raise child_exception 
OSError: [Errno 13] Permission denied

LAMBDA代碼

import logging 
import subprocess 

import boto3 

SIGNED_URL_EXPIRATION = 300  # The number of seconds that the Signed URL is valid 
DYNAMODB_TABLE_NAME = "TechnicalMetadata" 
DYNAMO = boto3.resource("dynamodb") 
TABLE = DYNAMO.Table(DYNAMODB_TABLE_NAME) 

logger = logging.getLogger('boto3') 
logger.setLevel(logging.INFO) 


def lambda_handler(event, context): 
    """ 

    :param event: 
    :param context: 
    """ 
    # Loop through records provided by S3 Event trigger 
    for s3_record in event['Records']: 
     logger.info("Working on new s3_record...") 
     # Extract the Key and Bucket names for the asset uploaded to S3 
     key = s3_record['s3']['object']['key'] 
     bucket = s3_record['s3']['bucket']['name'] 
     logger.info("Bucket: {} \t Key: {}".format(bucket, key)) 
     # Generate a signed URL for the uploaded asset 
     signed_url = get_signed_url(SIGNED_URL_EXPIRATION, bucket, key) 
     logger.info("Signed URL: {}".format(signed_url)) 
     # Launch MediaInfo 
     # Pass the signed URL of the uploaded asset to MediaInfo as an input 
     # MediaInfo will extract the technical metadata from the asset 
     # The extracted metadata will be outputted in XML format and 
     # stored in the variable xml_output 
     xml_output = subprocess.check_output(["./mediainfo", "--full", "--output=XML", signed_url]) 
     logger.info("Output: {}".format(xml_output)) 
     save_record(key, xml_output) 

def save_record(key, xml_output): 
    """ 
    Save record to DynamoDB 

    :param key:   S3 Key Name 
    :param xml_output: Technical Metadata in XML Format 
    :return: 
    """ 
    logger.info("Saving record to DynamoDB...") 
    TABLE.put_item(
     Item={ 
      'keyName': key, 
      'technicalMetadata': xml_output 
     } 
    ) 
    logger.info("Saved record to DynamoDB") 


def get_signed_url(expires_in, bucket, obj): 
    """ 
    Generate a signed URL 
    :param expires_in: URL Expiration time in seconds 
    :param bucket: 
    :param obj:   S3 Key name 
    :return:   Signed URL 
    """ 
    s3_cli = boto3.client("s3") 
    presigned_url = s3_cli.generate_presigned_url('get_object', Params={'Bucket': bucket, 'Key': obj}, 
                ExpiresIn=expires_in) 
    return presigned_url

來源

2016-08-17 Juanvulcano

+0

看起來你正試圖在你的lambda函數中執行一個子進程。如果你需要幫助,你需要顯示你的代碼。另外,我沒有看到數據庫(DynamoDB?)警報如何關聯。 –

+0

@MarkB我是,我需要什麼權限才能在AWS上執行子流程? – Juanvulcano

+0

因此,您已將此「mediainfo」腳本或可執行文件打包爲Lambda部署的一部分? –

回答

0

我相當肯定,這是由拉姆達執行環境施加的限制,但它可以通過在shell中執行腳本來解決。
儘量把電話子殼提供=真:

xml_output = subprocess.check_output(["./mediainfo", "--full", "--output=XML", signed_url], shell=True)

來源

2016-08-18 17:07:58

+0

謝謝,我有一天這個解決方案,但沒有嘗試過。我的問題很容易解決,我沒有將命令壓縮爲可執行文件,因此無法訪問它。使它成爲一個exe和壓縮再次解決了我的問題 – Juanvulcano

0

我遇到類似的情況。我收到的錯誤:

2016-11-28T01:49:01.304Z d4505c71-b50c-11e6-b0a1-65eecf2623cd Error: Command failed: /var/task/node_modules/youtube-dl/bin/youtube-dl --dump-json -f best https://soundcloud.com/bla/blabla 
python: can't open file '/var/task/node_modules/youtube-dl/bin/youtube-dl': [Errno 13] Permission denied

對於我(和所有其他)節點LAMBDA項目包含第三方庫,將有一個名爲「node_modules」(最教程,such as this one目錄,將詳細介紹如何創建這個目錄)擁有所有第三方軟件包及其依賴關係。相同的原則適用於其他支持的語言(目前是Python和Java)。 這些是亞馬遜實際上在林貝達AMIS上投放並試圖使用的文件。因此,要解決這個問題,在node_modules目錄(或其他目錄中的第三方庫住)這條命令:

chmod -R 777 /Users/bla/bla/bla/lambdaproject/node_modules

這個命令意味着使文件可讀,可寫和可執行的所有用戶。這顯然是執行Lambda函數的服務器所需要的,以便工作。希望這有助於!

來源

2016-11-28 03:36:54

+0

即使chmod'ing我的node_modules目錄後,我得到同樣的錯誤。你還需要做其他什麼嗎?我試過的所有其他模塊似乎工作 – Jon

+0

不是我能想到的。我的高層建議是按照[這樣的事情]自動化部署(https://medium.com/@AdamRNeary/a-gulp-workflow-for-amazon-lambda-61c2afd723b6#.aggupxrrr),以確保你不會「不要錯過任何步驟。作爲我的部署腳本之一的參考,[這是一個示例](https://github.com/josephecombs/automated_soundcloud_downloading/blob/master/downloadThenUpload/gulpfile.js)。 –

相關問題

 相關問題