【Posted】: 2020-11-04 00:01:39
【Question】:
I am creating a stack with CloudFormation, but I am currently struggling with writing the template. This is my JSON template:
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "LambdaFunction": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Code": {
import json
import boto3
s3 = boto3.client('s3')
def lambda_handler(event, context):
    # Get bucket name from the S3 event
    print(event)
    bucket_name = event['detail']['requestParameters']['bucketName']
    # Create a bucket policy
    bucket_policy = json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "MustBeEncryptedAtRest",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": [
                "arn:aws:s3:::{}".format(bucket_name),
                "arn:aws:s3:::{}/*".format(bucket_name)
            ],
            "Condition": {
                "StringNotEquals": {
                    "s3:x-amz-server-side-encryption": [
                        "AES256",
                        "aws:kms"
                    ]
                }
            }
        },
        {
            "Sid": "MustBeEncryptedInTransit",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::{}".format(bucket_name),
                "arn:aws:s3:::{}/*".format(bucket_name)
            ],
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
        ]
    })
        }
    # Set the new policy
    s3.put_bucket_policy(Bucket = bucket_name, Policy = bucket_policy),
        "Handler": lambda_handler,
        "Role": ----
        "Runtime": python3.7
      }
    }
But I get an error on the "Code": import json line. I even used different JSON validators, but I don't understand why it is not correctly formatted according to Amazon CloudFormation.
Any ideas?
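【Comments】:
- I haven't used CloudFormation, but this is definitely not valid JSON. For valid JSON, the entire value of the Code property needs to be in a string. Likewise, your Handler and Runtime properties are suspect.
- I have already tried that
Tags: json amazon-web-services amazon-s3 aws-lambda amazon-cloudformation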
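The comment's point about putting the whole Code value in a string, shown as an added example that is not part of the original post: the handler source is held as a Python string and `json.dumps` does the escaping, so the result is valid JSON with the code inlined under the `ZipFile` key of `Code`. The handler is shortened to the transit statement, and the role ARN and the names `build_template` and `render` are assumptions made for this example.

```python
import json

# Handler source as an ordinary string (shortened from the question); json.dumps escapes it.
LAMBDA_SOURCE = '''\
import json
import boto3
s3 = boto3.client('s3')
def lambda_handler(event, context):
    bucket_name = event['detail']['requestParameters']['bucketName']
    bucket_policy = json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "MustBeEncryptedInTransit",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::{}".format(bucket_name),
                "arn:aws:s3:::{}/*".format(bucket_name),
            ],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        }],
    })
    s3.put_bucket_policy(Bucket=bucket_name, Policy=bucket_policy)
'''

def build_template(role_arn):
    """Return a CloudFormation template (dict) with the handler inlined as a string."""
    compile(LAMBDA_SOURCE, "index.py", "exec")  # fail early on a syntax error in the handler
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
            "LambdaFunction": {
                "Type": "AWS::Lambda::Function",
                "Properties": {
                    "Code": {"ZipFile": LAMBDA_SOURCE},   # inline source must be a JSON string
                    "Handler": "index.lambda_handler",    # inline code is saved as index.py
                    "Role": role_arn,
                    "Runtime": "python3.7",
                },
            }
        },
    }

def render(role_arn):
    return json.dumps(build_template(role_arn), indent=2)

if __name__ == "__main__":
    print(render("arn:aws:iam::123456789012:role/EXAMPLE-lambda-role"))  # placeholder ARN
```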