Terraform error updating CloudFront Distribution InvalidLambdaFunctionAssociation: The function cannot have environment variables
[Posted]: 2021-10-15 20:48:16
[Question]: I am trying to build a Terraform template that creates an AWS S3 bucket, a CloudFront distribution, and a Lambda function that should be associated with the CloudFront distribution.
After adding "lambda_function_association" to the CloudFront resource, I get the following error.
Error: error updating CloudFront Distribution (XXXXXXXXXXXXXXX): InvalidLambdaFunctionAssociation: The function cannot have environment variables. Function: arn:aws:lambda:us-east-1:XXXXXXXXXXXXX:function:testtools:4
status code: 400, request id: 3ce25af1-8341-41c0-8d35-4c3c91c2c001
with aws_cloudfront_distribution.testtools,
on main.tf line 42, in resource "aws_cloudfront_distribution" "testtools":
42: resource "aws_cloudfront_distribution" "testtools"

lambda_function_association {
  event_type = "origin-response"
  lambda_arn = "${aws_lambda_function.testtools.qualified_arn}"
  include_body = false
}

I think it has something to do with the lambda_arn used inside the function association.

resource "aws_cloudfront_distribution" "testtools" {
  depends_on = [aws_s3_bucket.testtools, aws_lambda_function.testtools]
  origin {
    domain_name = aws_s3_bucket.testtools.bucket_regional_domain_name
    origin_id = var.s3_origin_id
    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.testtools.cloudfront_access_identity_path
    }
  }
  enabled = true
  is_ipv6_enabled = true
  comment = "testtools"
  default_root_object = "index.html"
  provider = aws
  logging_config {
    include_cookies = false
    bucket = "testtools.s3.amazonaws.com"
    prefix = "testtools"
  }
  aliases = ["testtools.int.test.net"]
  default_cache_behavior {
    allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods = ["GET", "HEAD"]
    target_origin_id = var.s3_origin_id
    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }
    viewer_protocol_policy = "allow-all"
    min_ttl = 0
    default_ttl = 3600
    max_ttl = 86400
    # Lambda@Edge association that triggers the error above
    lambda_function_association {
      event_type = "origin-response"
      lambda_arn = "${aws_lambda_function.testtools.qualified_arn}"
      include_body = false
    }
  }
  price_class = "PriceClass_200"
  restrictions {
    geo_restriction {
      restriction_type = "whitelist"
      locations = ["DE", "AU", "CH", "BG"]
    }
  }
  tags = {
    Environment = "production"
  }
  viewer_certificate {
    acm_certificate_arn = var.ssl_cert_arn
    ssl_support_method = "sni-only"
    minimum_protocol_version = "TLSv1"
  }
}

resource "aws_lambda_function" "testtools" {
  filename = "lambda_function_payload.zip"
  function_name = "testtools"
  role = aws_iam_role.testtools.arn
  handler = "index.test"
  publish = true
  provider = aws.useast1
  source_code_hash = filebase64sha256("lambda_function_payload.zip")
  runtime = "nodejs12.x"
  # Environment variables set on the function that CloudFront is asked to associate
  environment {
    variables = {
      foo = "bar"
    }
  }
}

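[Comments on the question]:
That is pretty obvious :-)
[Answer 1]: When using Lambda@Edge, your Lambda must comply with additional restrictions. Some restrictions also depend on whether you attach the Lambda to the origin req/res or the viewer req/res.
One of the restrictions is that you cannot use environment variables. You can find more information on this page: Lambda@Edge function restrictions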
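
A pre-apply check for the restriction described in the answer, as an added example that is not part of the original thread: it walks the configuration section of `terraform show -json <planfile>` output and reports every Lambda function referenced by a CloudFront lambda_function_association that also declares environment variables. The sample plan is constructed and trimmed, the function name edge_functions_with_env is hypothetical, and only root-module resources are examined (assumption).

```python
import json

# Constructed sample: a trimmed "configuration" section shaped like the
# output of `terraform show -json <planfile>` for the resources in the question.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "aws_cloudfront_distribution.testtools",
   "type": "aws_cloudfront_distribution",
   "expressions": {"default_cache_behavior": [{
     "lambda_function_association": [{
       "event_type": {"constant_value": "origin-response"},
       "lambda_arn": {"references": [
         "aws_lambda_function.testtools.qualified_arn",
         "aws_lambda_function.testtools"]}}]}]}},
  {"address": "aws_lambda_function.testtools",
   "type": "aws_lambda_function",
   "expressions": {
     "environment": [{"variables": {"constant_value": {"foo": "bar"}}}]}}
]}}}
""")


def edge_functions_with_env(plan):
    """Return [(distribution, function, event_type)] for every Lambda@Edge
    association whose function declares environment variables."""
    resources = plan["configuration"]["root_module"].get("resources", [])
    functions = {r["address"]: r for r in resources
                 if r["type"] == "aws_lambda_function"}
    dists = [r for r in resources if r["type"] == "aws_cloudfront_distribution"]
    findings = []
    for dist in dists:
        expr = dist.get("expressions", {})
        behaviors = (expr.get("default_cache_behavior", [])
                     + expr.get("ordered_cache_behavior", []))
        for behavior in behaviors:
            for assoc in behavior.get("lambda_function_association", []):
                event = assoc.get("event_type", {}).get("constant_value")
                for ref in assoc.get("lambda_arn", {}).get("references", []):
                    fn = functions.get(ref, {})  # skips attribute-level refs
                    for env in fn.get("expressions", {}).get("environment", []):
                        variables = env.get("variables", {})
                        # A non-empty constant map or any reference means set.
                        if variables.get("constant_value") or variables.get("references"):
                            findings.append((dist["address"], ref, event))
    return findings


if __name__ == "__main__":
    for dist, fn, event in edge_functions_with_env(SAMPLE_PLAN):
        print(f"{dist}: {fn} ({event}) sets environment variables")
```

Run against a saved plan, a non-empty result means the apply would hit the InvalidLambdaFunctionAssociation error shown in the question.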