cloudFormation 模板验证错误:如何拆分 serverless.yml 文件
Posted
技术标签:
【中文标题】cloudFormation 模板验证错误:如何拆分 serverless.yml 文件【英文标题】:cloudFormation Template Validation Error: how to split serverless.yml file 【发布时间】:2020-07-10 06:24:43 【问题描述】:我在 A$$ 错误中遇到了臭名昭著的痛苦: CloudFormation 模板无效:模板格式错误:资源数,202,大于允许的最大值,200。
如何将其一分为二,并交叉引用资源?
有人可以与我分享一个例子或告诉我如何拆分我的吗?在过去的几天里,我一直在查看 aws 文档和大量论坛来解决这个问题,但我无法完全理解我需要做什么。我只需要能够添加更多函数/api 调用。
Serverless.yml
service: p-app-api
# Create an optimized package for our functions
package:
individually: true
plugins:
- serverless-bundle # Package our functions with Webpack
- serverless-offline
- serverless-dotenv-plugin
provider:
name: aws
runtime: nodejs10.x
stage: dev
region: us-east-2
environment:
stripeSecretKey: $env:STRIPE_SECRET_KEY
# 'iamRoleStatements' defines the permission policy for the Lambda function.
# In this case Lambda functions are granted with permissions to access DynamoDB.
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:DescribeTable
- dynamodb:Query
- dynamodb:Scan
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:UpdateItem
- dynamodb:DeleteItem
Resource: "arn:aws:dynamodb:us-east-2:433684495079:table/data"
- Effect: Allow
Action:
- dynamodb:Query
- dynamodb:Scan
Resource: "arn:aws:dynamodb:us-east-2:433684495079:table/data/index/zipCode-packageSelected-index"
- Effect: Allow
Action:
- dynamodb:Query
- dynamodb:Scan
Resource: "arn:aws:dynamodb:us-east-2:433684495079:table/data/index/jobId-index"
- Effect: Allow
Action:
- dynamodb:DescribeTable
- dynamodb:Query
- dynamodb:Scan
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:UpdateItem
- dynamodb:DeleteItem
Resource: "arn:aws:dynamodb:us-east-2:433684495079:table/Service"
- Effect: Allow
Action:
- dynamodb:Query
- dynamodb:Scan
Resource: "arn:aws:dynamodb:us-east-2:433684495079:table/Service/index/index"
- Effect: Allow
Action:
- s3:*
Resource: "arn:aws:s3:::service/public/*"
- Effect: Allow
Action:
- dynamodb:DescribeTable
- dynamodb:Query
- dynamodb:Scan
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:UpdateItem
- dynamodb:DeleteItem
Resource: "arn:aws:dynamodb:us-east-2:433684495079:table/Service"
- Effect: Allow
Action:
- dynamodb:Query
- dynamodb:Scan
Resource: "arn:aws:dynamodb:us-east-2:433684495079:table/data/index/packageSelected"
functions:
# Defines an HTTP API endpoint that calls the main function in create.js
# - path: url path is /notes
# - method: POST request
# - cors: enabled CORS (Cross-Origin Resource Sharing) for browser cross
# domain api call
# - authorizer: authenticate using the AWS IAM role
create:
handler: create.main
events:
- http:
path: data
method: post
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
get:
# Defines an HTTP API endpoint that calls the main function in get.js
# - path: url path is /notes/id
# - method: GET request
handler: get.main
events:
- http:
path: data/id
method: get
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
list:
# Defines an HTTP API endpoint that calls the main function in list.js
# - path: url path is /notes
# - method: GET request
handler: list.main
events:
- http:
path: data
method: get
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
update:
# Defines an HTTP API endpoint that calls the main function in update.js
# - path: url path is /notes/id
# - method: PUT request
handler: update.main
events:
- http:
path: data/id
method: put
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
delete:
# Defines an HTTP API endpoint that calls the main function in delete.js
# - path: url path is /notes/id
# - method: DELETE request
handler: delete.main
events:
- http:
path: data/id
method: delete
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
createCustomer:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: createCustomer.main
events:
- http:
path: createCustomer
method: post
cors: true
authorizer:
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
updateCustomer:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: updateCustomer.main
events:
- http:
path: updateCustomer
method: post
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
listCustomerCard:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: listCustomerCard.main
events:
- http:
path: listCustomerCard/id
method: get
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
deleteCard:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: DeleteCard.main
events:
- http:
path: deleteCard/id/card
method: delete
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
getCustomerInfo:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: getCustomerInfo.main
events:
- http:
path: getCustomerInfo/id
method: get
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
updateCustomerCard:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: updateCustomerCard.main
events:
- http:
path: updateCustomerCard/id
method: post
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
createInvoice:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: createInvoice.main
events:
- http:
path: createInvoice
method: post
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
deleteInvoice:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: deleteInvoice.main
events:
- http:
path: deleteInvoice/id
method: delete
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
listInvoices:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: listInvoices.main
events:
- http:
path: listInvoices/id
method: get
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
ListNewJobs:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: ListNewJobs.main
events:
- http:
path: data/ListNewJobs
method: get
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
jobIndex:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: jobIndex.main
events:
- http:
path: data/jobIndex
method: get
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
updateJobStatus:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: updateJobStatus.main
events:
- http:
path: data/jobStatus
method: put
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
createNewJob:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: createNewJob.main
events:
- http:
path: ServiceJobs/createNewJob
method: post
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
listMyNewJobs:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: listMyNewJobs.main
events:
- http:
path: ServiceJobs/listMyNewJobs
method: get
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
DeleteMyNewJob:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: DeleteMyNewJob.main
events:
- http:
path: ServiceJobs/DeleteMyNewJob/id
method: delete
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
UpdateServiceJobList:
# Defines an HTTP API endpoint that calls the main function in update.js
# - path: url path is /notes/id
# - method: PUT request
handler: UpdateServiceJobList.main
events:
- http:
path: ServicesJobs/Update
method: put
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
ServiceIndex:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: ServiceIndex.main
events:
- http:
path: ServiceJobs/ServiceIndex
method: get
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
UpdateMyJob:
# Defines an HTTP API endpoint that calls the main function in update.js
# - path: url path is /notes/id
# - method: PUT request
handler: UpdateMyJob.main
events:
- http:
path: ServiceJobs/UpdateMyJob
method: put
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
PayInvoiceStripe:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: PayInvoiceStripe.main
events:
- http:
path: stripe/PayInvoice
method: post
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
StripeNewContractorAccount:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: StripeNewContractorAccount.main
events:
- http:
path: stripe/NewContractorAccount
method: post
cors: true
authorizer:
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
serviceInfoPut:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: serviceInfoPut.main
events:
- http:
path: serviceInfo/post
method: post
cors: true
authorizer:
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
ListJobsForEdit:
# Defines an HTTP API endpoint that calls the main function in billing.js
# - path: url path is /billing
# - method: POST request
handler: ListJobsForEdit.main
events:
- http:
path: data/index/packageSelected
method: get
cors: true
authorizer: aws_iam
arn: aws:cognito-idp:us-east-2:433684495079:userpool/us-east-2_Q0sUvw4Qy
# Create our resources with separate CloudFormation templates
resources:
# API Gateway Errors
- $file(resources/api-gateway-errors.yml)
【问题讨论】:
仍然无法弄清楚如何正确拆分它。 【参考方案1】:您想要的是使用 CloudFormation Nested Stacks,它们允许您使用 AWS::CloudFormation::Stack 资源类型引用另一个 CloudFormation 堆栈。
然后,您可以提供参数作为嵌套堆栈的输入,并在部署它们后检索它们的输出,这就是您在主堆栈和子堆栈之间进行通信的方式。
下面是嵌套堆栈引用的示例。
AWSTemplateFormatVersion: "2010-09-09"
Resources:
MyNestedStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: "https://s3.amazonaws.com/cloudformation-templates-us-east-2/EC2ChooseAMI.template"
Parameters:
Param1: "a-value"
Param2: "another-value"
请注意,TemplateURL 可以指向 S3 Bucket 链接或文件系统上的文件。一旦您想部署您的堆栈,就需要使用 AWS CLI 将它们设置为 packaged。
【讨论】:
感谢您的解释和资源。我查看了嵌套堆栈,但我仍然无法弄清楚如何正确拆分我的 serverless.yml 文件.... 在我提供的示例中,我说明了如何将新的嵌套堆栈资源添加到您的主堆栈中,只需引用您的嵌套堆栈位置即可。在此处查看另一个示例gist.github.com/idanlupinsky/1658650528b2c36d79a47b290caeff0e【参考方案2】:serverless-plugin-split-stacks 是要使用的插件。
文档在这里:serverless split stack
它将帮助您将堆栈拆分为嵌套堆栈,最大限制为 20。
【讨论】:
以上是关于cloudFormation 模板验证错误:如何拆分 serverless.yml 文件的主要内容,如果未能解决你的问题,请参考以下文章
使用带反斜杠的sed命令时出现AWS CloudFormation模板验证错误
CloudFormation 和 PowerShell:模板格式错误:结构不受支持
AWS CloudFormation:结合 ImportValue 和 Sub 函数会导致错误
AWS Cloudformation Fn::If 错误验证错误