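I have a CloudFormation stack file on S3 that works fine when launched from the console. However, when I trigger the same script using boto3 from AWS Lambda, I get an encoded error message. After decoding it, I get the following JSON output. (Converted to YAML for readability.)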
---
allowed: false
explicitDeny: false
matchedStatements:
  items: []
failures:
  items: []
context:
  principal:
    id: AROA3H7OMTCQKOORZGNNY:Spawn-reward-service
    arn: arn:aws:sts::773057xxxxxx:assumed-role/Spawn-reward-service-role-g0vgzj5h/Spawn-reward-service
  action: ec2:RequestSpotFleet
  resource: arn:aws:ec2:us-east-1:773057xxxxxx:subnet/subnet-e18921ca
  conditions:
    items:
    - key: ec2:Vpc
      values:
        items:
        - value: arn:aws:ec2:us-east-1:773057xxxxxx:vpc/vpc-aa2884c1
    - key: aws:Resource
      values:
        items:
        - value: subnet/subnet-e18921ca
    - key: aws:Account
      values:
        items:
        - value: '773057xxxxxx'
    - key: ec2:AvailabilityZone
      values:
        items:
        - value: us-east-1e
    - key: ec2:ResourceTag/Name
      values:
        items:
        - value: 1e subnet
    - key: ec2:SubnetID
      values:
        items:
        - value: subnet-e18921ca
    - key: aws:Region
      values:
        items:
        - value: us-east-1
    - key: aws:Service
      values:
        items:
        - value: ec2
    - key: aws:Type
      values:
        items:
        - value: subnet
    - key: 773057xxxxxx:Name
      values:
        items:
        - value: 1e subnet
    - key: ec2:Region
      values:
        items:
        - value: us-east-1
    - key: aws:ARN
      values:
        items:
        - value: arn:aws:ec2:us-east-1:773057xxxxxx:subnet/subnet-e18921ca
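The Lambda role has the following policies attached: AmazonEC2SpotFleetTaggingRole, NetworkAdministrator and AWSCloudFormationFullAccess. I'm not sure exactly where it is getting stuck.
For reference, here is the complete Lambda function: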
import json, boto3

def lambda_handler(event, context):
    # The client runs with the Lambda execution role's credentials
    cloudformation = boto3.client('cloudformation')
    # Create the stack from the template stored in S3
    response = cloudformation.create_stack(
        StackName='yj',
        TemplateURL='https://s3.amazonaws.com/cf-templates-xxxxxxxxxxxx-us-east-1/reward-service-01-spot.yaml',
        Parameters=[
            {
                'ParameterKey': 'InstanceType',
                'ParameterValue': 't2.large'
            }
        ]
    )
    return response
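
The decoded message above can be read mechanically. As an added example (not part of the original question), this Python code classifies a decoded authorization failure as an implicit or explicit deny and flattens its condition keys; `decode_with_sts` and `summarize_denial` are hypothetical helper names, and the sample is a constructed, trimmed JSON copy of the message in the question.

```python
import json

# Constructed sample: trimmed JSON form of the decoded message in the question.
SAMPLE_DECODED = json.dumps({
    "allowed": False,
    "explicitDeny": False,
    "matchedStatements": {"items": []},
    "failures": {"items": []},
    "context": {
        "principal": {"arn": "arn:aws:sts::773057xxxxxx:assumed-role/"
                             "Spawn-reward-service-role-g0vgzj5h/Spawn-reward-service"},
        "action": "ec2:RequestSpotFleet",
        "resource": "arn:aws:ec2:us-east-1:773057xxxxxx:subnet/subnet-e18921ca",
        "conditions": {"items": [
            {"key": "ec2:SubnetID", "values": {"items": [{"value": "subnet-e18921ca"}]}},
            {"key": "aws:Region", "values": {"items": [{"value": "us-east-1"}]}},
        ]},
    },
})

def decode_with_sts(encoded_message):
    """Decode the opaque blob via STS (caller needs sts:DecodeAuthorizationMessage)."""
    import boto3  # imported lazily so the parser below runs without AWS access
    resp = boto3.client("sts").decode_authorization_message(EncodedMessage=encoded_message)
    return resp["DecodedMessage"]  # JSON string

def summarize_denial(decoded_json):
    """Reduce a decoded authorization message to the fields needed for triage."""
    msg = json.loads(decoded_json)
    ctx = msg["context"]
    if msg.get("allowed"):
        verdict = "allowed"
    elif msg.get("explicitDeny"):
        verdict = "explicit-deny"   # a matching Deny statement exists
    else:
        verdict = "implicit-deny"   # no statement allowed the request
    conditions = {
        c["key"]: [v["value"] for v in c["values"]["items"]]
        for c in ctx.get("conditions", {}).get("items", [])
    }
    return {
        "verdict": verdict,
        "principal": ctx["principal"]["arn"],
        "action": ctx["action"],
        "resource": ctx["resource"],
        "matched_statements": len(msg.get("matchedStatements", {}).get("items", [])),
        "conditions": conditions,
    }
```

An `implicit-deny` verdict with zero matched statements means no policy attached to the principal allowed the action on that resource.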