1

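Unknown CloudFormation error / Failed to execute change set

I'm setting up my Java AWS Lambda function to deploy via CodePipeline -> CloudFormation, and I'm having some difficulty with CloudFormation. I've worked with Terraform before, so I understand the general concepts...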

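To clarify, my code is housed in a CodeCommit repository and everything was set up by CodeStar, so it created a CodePipeline with a single deploy stage (generate change set, execute change set). For now, I've just marked up the sample template.yml file that CodeStar created in the repository, hence the references to HelloWorld.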

In addition to the template.yml file, I also have a buildspec.yml file for CodeBuild, though the build process completes successfully.

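Below is my template.yml CloudFormation script. The ChangeSet step in the CodePipeline deploy stage completes successfully, but the ExecuteChangeset step fails with "No reason provided" (super helpful). Clicking the details link takes me to the CloudFormation page for the execute step, which doesn't actually show any error. It shows some of the add/remove steps I would expect to see, but not all of the ones I think need to happen. If I click "Execute", I get the following error: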

Error: Failed to execute change set: ChangeSet [arn:aws:cloudformation:us-east-1:XXXXXXXXXXXX:stack/awscodestar-test2-lambda/07e71ee0-6a73-11e7-bee5-50d5cd24fac6] cannot be executed in its current execution status of [EXECUTE_FAILED] 

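What am I doing wrong here? I don't have a great grasp of the Fn::GetAtt call, but I've tried it a few different ways with no luck.

**Besides identifying what's going wrong, I have two questions:**

  1. Please explain what I'm supposed to reference in the Fn::GetAtt function call. Is it the name I provide at the top of the resource I'm trying to call (e.g. GetHelloWorld)? Or is it the explicit name provided as a property of that resource (i.e. FunctionName)?

  2. In the Lambda function declaration, I'm trying to set up the event trigger inline, which then needs to reference the Lambda function. Can I refer to the Lambda function resource from within an Event declaration that is nested inside the Lambda function resource?

Below is my template.yml file.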

AWSTemplateFormatVersion: 2010-09-09
Transform:
- AWS::Serverless-2016-10-31
- AWS::CodeStar

Parameters:
  ProjectId:
    Type: String
    Description: AWS CodeStar projectID used to associate new resources to team members

Resources:
  RoleForLambda:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service: "lambda.amazonaws.com"
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: s3put
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                  - 's3:PutObject'
                Resource:
                  - 'arn:aws:logs:*:*:*'
                  - 'arn:aws:s3:*'
  GetHelloWorld:
    Type: AWS::Serverless::Function
    Properties:
      Handler: com.aws.codestar.projecttemplates.handler.HelloWorldHandler
      Runtime: java8
      Timeout: 60
      MemorySize: 256
      Role:
        'Fn::GetAtt':
          - RoleForLambda
          - Arn
  ScheduleRule:
    Type: 'AWS::Events::Rule'
    Properties:
      Name: DownloadFiles
      ScheduleExpression: 'cron(2,7,12,17,22,27,32,37,42,47,52,57 * * * ? *)'
      State: ENABLED
      Targets:
        - Arn:
            'Fn::GetAtt':
              - GetHelloWorld
              - Arn
          Id: downloadFiles
  LambdaInvokePermission:
    Type: "AWS::Lambda::Permission"
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: GetHelloWorld
      Principal: events.amazonaws.com
      SourceAccount: AWS::XXXXXXXXXXXX
      SourceArn:
        - Arn:
            'Fn::GetAtt':
              - ScheduleRule
              - Arn

Answer

1

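In case anyone else arrives here with a similar problem: it turns out I had some syntax errors and, I'm sure, other problems as well... Here is a working template.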

AWSTemplateFormatVersion: 2010-09-09
Description: >-
  This Lambda function does something
Parameters:
  ProjectId:
    Description: AWS CodeStar projectID used to associate new resources to team members
    Type: String
Resources:
  DownloadRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Sid: ''
            Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: PutS3Policy
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                  - 's3:PutObject'
                  - 's3:PutObjectAcl'
                  - 's3:PutObjectTagging'
                  - 'sns:Publish'
                Resource:
                  - 'arn:aws:logs:*:*:*'
                  - 'arn:aws:s3:::myBucket'
                  - 'arn:aws:s3:::myBucket/*'
                  - 'arn:aws:sns:us-east-1:xxxxxxxxxxxx:SNS_TOPIC'
      Path: /
  DownloadFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      Handler: 'com.mycompany.download.LambdaFunction::lambdaHandler'
      MemorySize: '256'
      Description: A scheduled Lambda function
      FunctionName: Download
      Role: !GetAtt
        - DownloadRole
        - Arn
      Runtime: java8
      Timeout: '60'
    DependsOn:
      - DownloadRole
  ScheduleRule:
    Type: 'AWS::Events::Rule'
    Properties:
      Name: DownloadFiles
      ScheduleExpression: 'cron(2,7,12,17,22,27,32,37,42,47,52,57 * * * ? *)'
      State: ENABLED
      Targets:
        - Arn: !GetAtt
            - DownloadFunction
            - Arn
          Id: DownloadFiles
    DependsOn:
      - DownloadFunction
  LambdaInvokePermission:
    Type: 'AWS::Lambda::Permission'
    Properties:
      FunctionName: !GetAtt
        - DownloadFunction
        - Arn
      Action: 'lambda:InvokeFunction'
      Principal: events.amazonaws.com
      SourceArn: !GetAtt
        - ScheduleRule
        - Arn
    DependsOn:
      - DownloadFunction
      - ScheduleRule
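
An added example, not part of the original question or answer: a small Python lint that shows what the first question asks about, checking that every Fn::GetAtt names a logical ID (the key under Resources, not the FunctionName property) and that an AWS::Lambda::Permission carries a single-valued SourceArn. The sample templates are constructed fragments in CloudFormation's JSON form, and all function and variable names are assumptions of this example.

```python
# Added example; the sample templates at the bottom are constructed, not taken from a real stack.
INTRINSICS = {"Ref", "Fn::GetAtt", "Fn::Sub", "Fn::Join"}

def getatt_targets(node, path=""):
    """Yield (path, logical_id) for every Fn::GetAtt in the tree (list or 'Id.Attr' form)."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Fn::GetAtt":
                yield path, value.split(".")[0] if isinstance(value, str) else value[0]
            else:
                yield from getatt_targets(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from getatt_targets(value, f"{path}[{i}]")

def is_string_or_intrinsic(v):
    return isinstance(v, str) or (isinstance(v, dict) and len(v) == 1 and next(iter(v)) in INTRINSICS)

def lint(template):
    resources, findings = template.get("Resources", {}), []
    for path, logical_id in getatt_targets(resources):
        # Fn::GetAtt takes the key under Resources (logical ID), never the FunctionName property.
        if logical_id not in resources:
            findings.append(f"{path}: Fn::GetAtt target {logical_id!r} is not a logical ID")
    for name, res in resources.items():
        if res.get("Type") != "AWS::Lambda::Permission":
            continue
        props = res.get("Properties", {})
        fn, src = props.get("FunctionName"), props.get("SourceArn")
        if isinstance(fn, str) and fn in resources:  # plain strings are passed through literally
            findings.append(f"{name}: FunctionName {fn!r} is a literal string, not a reference")
        if src is None:
            findings.append(f"{name}: no SourceArn, permission is not scoped to one rule")
        elif not is_string_or_intrinsic(src):
            findings.append(f"{name}: SourceArn must be a string or intrinsic, not a list")
    return findings

def permission(function_name, source_arn):  # builder for the constructed sample templates
    return {"Resources": {
        "DownloadFunction": {"Type": "AWS::Lambda::Function", "Properties": {"FunctionName": "Download"}},
        "ScheduleRule": {"Type": "AWS::Events::Rule", "Properties": {}},
        "LambdaInvokePermission": {"Type": "AWS::Lambda::Permission", "Properties": {
            "FunctionName": function_name, "SourceArn": source_arn}}}}

rule_arn = {"Fn::GetAtt": ["ScheduleRule", "Arn"]}
AS_ASKED = permission("DownloadFunction", [{"Arn": rule_arn}])       # shape used in the question
BY_NAME = permission({"Fn::GetAtt": ["Download", "Arn"]}, rule_arn)  # FunctionName used as target
AS_ANSWERED = permission({"Fn::GetAtt": ["DownloadFunction", "Arn"]}, rule_arn)
if __name__ == "__main__":
    print(lint(AS_ASKED), lint(BY_NAME), lint(AS_ANSWERED), sep="\n")
```

Only the last template, which follows the shape of the working answer, lints clean.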