无服务器框架未正确配置对 SNS 主题的 Lambda 订阅

Question

我正在尝试使用无服务器框架来实现这个简单的架构：

文件上传到 S3 存储桶 --> SNS 主题 --> 2 个 Lambda 函数

实际上我只是用 1 个 lambda 函数进行测试，这是我的代码：

service: MyImageLibrary

provider:
  name: aws
  runtime: python3.6
  stage: dev
  region: us-west-2

package:
  individually: true

functions:
    handler: index.lambda_handler

resources:
  Resources:

ImageUploadedTopic:
  Type: AWS::SNS::Topic
  Properties:
    TopicName: SNSTopicImageUploadedTopic

ImageUploadedTopicSubscription:
  Type: AWS::SNS::Subscription
  Properties:
    Endpoint:
      Fn::GetAtt: [ TestLambdaFunction , "Arn" ]
    Protocol: lambda
    TopicArn:
      arn:aws:sns:us-west-2:xxxxxxxxxxx:SNSTopicImageUploadedTopic

ImageUploadedTopicPolicy:
  Type: AWS::SNS::TopicPolicy
  Properties:
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
      - Sid: AllowBucketToPushNotificationEffect
        Effect: Allow
        Principal:
          Service: s3.amazonaws.com
        Action: sns:Publish
        Resource: "*"
    Topics:
      - arn:aws:sns:us-west-2:xxxxxxxxxxx:SNSTopicImageUploadedTopic

MyImagesBucket:
  Type: AWS::S3::Bucket
  DependsOn: ImageUploadedTopicPolicy
  Properties:
    BucketName: ${self:custom.bucketName}
    NotificationConfiguration:
      TopicConfigurations:
        - Event: s3:ObjectCreated:*
          Topic: 
            arn:aws:sns:us-west-2:xxxxxxxxxxxx:SNSTopicImageUploadedTopic
    CorsConfiguration:
      CorsRules:
      - AllowedMethods:
        - GET
        - PUT
        - POST
        - HEAD
        AllowedOrigins:
        - "*"
        AllowedHeaders:
        - "*"

在控制台中，我可以看到 Lambda 函数订阅了主题：

但在 Lambda 函数中，SNS 主题未在 Trigger 部分中设置：

我错过了什么吗？

Answer 1

好的，我知道了！

我必须添加另一个权限以允许 SNS 主题触发 Lambda 函数：

TestLambdaFunctionPermission: 
  Type: AWS::Lambda::Permission
  Properties:
    Action: lambda:InvokeFunction
    Principal: sns.amazonaws.com 
    SourceArn:
      Ref: ImageUploadedTopic
    FunctionName:
      Fn::GetAtt: [ TestLambdaFunction, "Arn" ]

现在在控制台中，我可以将 SNS 作为我的 Lambda 函数的触发器 :)