Terraform - 同一个存储桶上的多个 aws_s3_bucket_notification 触发器
Posted
技术标签:
【中文标题】Terraform - 同一个存储桶上的多个 aws_s3_bucket_notification 触发器【英文标题】:Terraform - Multiple aws_s3_bucket_notification triggers on the same bucket 【发布时间】:2020-06-15 13:35:06 【问题描述】:我需要为 S3 存储桶创建触发器。我们使用以下内容来创建触发器:
resource "aws_s3_bucket_notification" "bucket_notification"
bucket = var.aws_s3_bucket_id
lambda_function
lambda_function_arn = var.lambda_function_arn
events = ["s3:ObjectCreated:Put"]
filter_prefix = var.filter_prefix
filter_suffix = var.filter_suffix
当存储桶没有触发器时,这可以正常工作,除了生产之外的所有环境都是这种情况。 当我们部署生产时,我们看到存储桶上已经存在的触发器被删除了。我们需要两个触发器。 我可以手动添加另一个触发器,例如只需更改前缀即可添加一个 PUT 事件触发器,但是当我从 Terraform 执行此操作时,前一个总是被删除。我有什么遗漏吗?
【问题讨论】:
【参考方案1】:aws_s3_bucket_notification
resource documentation 在顶部提到了这一点:
注意: S3 存储桶仅支持单一通知配置。将多个
aws_s3_bucket_notification
资源声明到同一个 S3 存储桶将导致配置的永久差异。有关选项,请参阅示例“触发多个 Lambda 函数”。
他们的示例显示了如何通过在 aws_s3_bucket_notification
资源中添加多个 lambda_function
块来完成此操作:
resource "aws_iam_role" "iam_for_lambda"
name = "iam_for_lambda"
assume_role_policy = <<EOF
"Version": "2012-10-17",
"Statement": [
"Action": "sts:AssumeRole",
"Principal":
"Service": "lambda.amazonaws.com"
,
"Effect": "Allow"
]
EOF
resource "aws_lambda_permission" "allow_bucket1"
statement_id = "AllowExecutionFromS3Bucket1"
action = "lambda:InvokeFunction"
function_name = "$aws_lambda_function.func1.arn"
principal = "s3.amazonaws.com"
source_arn = "$aws_s3_bucket.bucket.arn"
resource "aws_lambda_function" "func1"
filename = "your-function1.zip"
function_name = "example_lambda_name1"
role = "$aws_iam_role.iam_for_lambda.arn"
handler = "exports.example"
runtime = "go1.x"
resource "aws_lambda_permission" "allow_bucket2"
statement_id = "AllowExecutionFromS3Bucket2"
action = "lambda:InvokeFunction"
function_name = "$aws_lambda_function.func2.arn"
principal = "s3.amazonaws.com"
source_arn = "$aws_s3_bucket.bucket.arn"
resource "aws_lambda_function" "func2"
filename = "your-function2.zip"
function_name = "example_lambda_name2"
role = "$aws_iam_role.iam_for_lambda.arn"
handler = "exports.example"
resource "aws_s3_bucket" "bucket"
bucket = "your_bucket_name"
resource "aws_s3_bucket_notification" "bucket_notification"
bucket = "$aws_s3_bucket.bucket.id"
lambda_function
lambda_function_arn = "$aws_lambda_function.func1.arn"
events = ["s3:ObjectCreated:*"]
filter_prefix = "AWSLogs/"
filter_suffix = ".log"
lambda_function
lambda_function_arn = "$aws_lambda_function.func2.arn"
events = ["s3:ObjectCreated:*"]
filter_prefix = "OtherLogs/"
filter_suffix = ".log"
【讨论】:
以上是关于Terraform - 同一个存储桶上的多个 aws_s3_bucket_notification 触发器的主要内容,如果未能解决你的问题,请参考以下文章
从托管在 S3 存储桶上的站点访问 AWS API 时出现 CORS 问题 [关闭]