amazon-web-services - Terraform - 在同一个存储桶上触发多个 aws_s3_bucket_notification

标签 amazon-web-services amazon-s3 terraform terraform-provider-aws

我需要为 S3 存储桶创建触发器。我们使用以下内容来创建触发器:

resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = var.aws_s3_bucket_id

  lambda_function {
    lambda_function_arn = var.lambda_function_arn
    events              = ["s3:ObjectCreated:Put"]
    filter_prefix       = var.filter_prefix
    filter_suffix       = var.filter_suffix
  }
}

当存储桶还没有触发器时,这可以正常工作,除生产之外的所有环境都是这种情况。
当我们部署生产时,我们看到存储桶上已经存在的触发器被删除了。我们需要两个触发器。
我能够手动添加另一个触发器,例如 PUT 事件触发器,只需更改前缀,但是当我从 Terraform 执行此操作时,前一个总是被删除。有什么我想念的吗?

最佳答案

aws_s3_bucket_notification resource documentation在顶部提到了这一点:

NOTE: S3 Buckets only support a single notification configuration. Declaring multiple aws_s3_bucket_notification resources to the same S3 Bucket will cause a perpetual difference in configuration. See the example "Trigger multiple Lambda functions" for an option.



他们的例子展示了如何通过添加多个 lambda_function 来实现这一点。 aws_s3_bucket_notification 中的块资源:
resource "aws_iam_role" "iam_for_lambda" {
  name = "iam_for_lambda"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_lambda_permission" "allow_bucket1" {
  statement_id  = "AllowExecutionFromS3Bucket1"
  action        = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.func1.arn}"
  principal     = "s3.amazonaws.com"
  source_arn    = "${aws_s3_bucket.bucket.arn}"
}

resource "aws_lambda_function" "func1" {
  filename      = "your-function1.zip"
  function_name = "example_lambda_name1"
  role          = "${aws_iam_role.iam_for_lambda.arn}"
  handler       = "exports.example"
  runtime       = "go1.x"
}

resource "aws_lambda_permission" "allow_bucket2" {
  statement_id  = "AllowExecutionFromS3Bucket2"
  action        = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.func2.arn}"
  principal     = "s3.amazonaws.com"
  source_arn    = "${aws_s3_bucket.bucket.arn}"
}

resource "aws_lambda_function" "func2" {
  filename      = "your-function2.zip"
  function_name = "example_lambda_name2"
  role          = "${aws_iam_role.iam_for_lambda.arn}"
  handler       = "exports.example"
}

resource "aws_s3_bucket" "bucket" {
  bucket = "your_bucket_name"
}

resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = "${aws_s3_bucket.bucket.id}"

  lambda_function {
    lambda_function_arn = "${aws_lambda_function.func1.arn}"
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "AWSLogs/"
    filter_suffix       = ".log"
  }

  lambda_function {
    lambda_function_arn = "${aws_lambda_function.func2.arn}"
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "OtherLogs/"
    filter_suffix       = ".log"
  }
}

关于amazon-web-services - Terraform - 在同一个存储桶上触发多个 aws_s3_bucket_notification,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60502686/

上一篇:c# - 将配置值作为参数传递给实例方法 C#

下一篇:python - 使用 PyTorch LSTM,我可以使用与 input_size 不同的 hidden_​​size 吗?

相关文章:

azure - 如何使用 Terraform 在 Azure 应用服务中设置静态出站 IP 的 NAT 网关

amazon-web-services - Amplify 安装到现有 Vue/Bootstrap 项目时出错 : You may need an appropriate loader to handle this file type

object - 如何判断对象是否是 AWS S3 上的文件夹

javascript - 上传到亚马逊s3非常慢需要时间

amazon-web-services - 如何使用 boto3 访问存储桶

mysql - 无法在创建 MySQL 服务器的同一计划中使用 mysql

google-cloud-platform - 在 Terraform for GCP 中允许帐户和角色时出错

amazon-web-services - 如何在 VPC 上下文中将我的 AWS::EC2::DBSecurityGroup 连接到我的 AWS::RDS::DBSecurityGroup?

amazon-web-services - 复制 S3 文件的更快方法

amazon-web-services - 策略文档不应指定主体 - terraform aws_iam_policy_document

©2024 IT工具网  联系我们