AWS 中国区Lambda 部署指南

serverless 框架中部署Lambda + API Gateway:

  1. Lambda 服务目前只在北京区域(cn-north-1)上线,宁夏区域(cn-northwest-1)目前不支持。

  2. API 部署时,需要为 API Gateway 配置Principal,配置方法如下:

    1
    2
    3
    4
    5
    resources:
    Resources:
    AppLambdaPermissionApiGateway:
    Properties:
    Principal: apigateway.amazonaws.com

  3. 部署后的API 不能直接访问,需要配置一个在光环新网上备案的域名,或者使用 aws_iam方式访问接口,配置方法如下:

    1
    2
    3
    4
    5
    6
    7
    8
    functions:
    app:
    handler: index.handler
    events:
    - http:
    method: ANY
    path: /
    authorizer: aws_iam

    使用Postman方式访问方法如下,Authorization 的方式选择 AWS Signature,然后使用IAM账户的AccessKey 和 SecretKey,AWS Region 填写 cn-north-1,Service Name 填写 execute-api:

    image-20180507180000661

  4. 不要在 providerfunctions中配置environment,这一配置在cn-north-1区域不支持

  5. 以下是一个简单的 serverless 配置:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    service: serverless-aap2

    custom:
    tableName: 'users-table-${self:provider.stage}'
    dynamodb:
    start:
    migrate: true

    provider:
    name: aws
    runtime: nodejs8.10
    stage: dev
    endpointType: REGIONAL
    region: cn-north-1
    iamRoleStatements:
    - Effect: Allow
    Action:
    - dynamodb:Query
    - dynamodb:Scan
    - dynamodb:GetItem
    - dynamodb:PutItem
    - dynamodb:UpdateItem
    - dynamodb:DeleteItem
    Resource:
    - { "Fn::GetAtt": ["UsersDynamoDBTable", "Arn" ] }
    #environment:
    #USERS_TABLE: ${self:custom.tableName}
    plugins:
    - serverless-dynamodb-local
    - serverless-offline

    functions:
    app:
    handler: index.handler
    events:
    - http:
    method: ANY
    path: /
    authorizer: aws_iam
    - http:
    method: ANY
    path: '{proxy+}'
    authorizer: aws_iam

    resources:
    Resources:
    AppLambdaPermissionApiGateway:
    Properties:
    Principal: apigateway.amazonaws.com
    UsersDynamoDBTable:
    Type: 'AWS::DynamoDB::Table'
    Properties:
    AttributeDefinitions:
    -
    AttributeName: userId
    AttributeType: S
    KeySchema:
    -
    AttributeName: userId
    KeyType: HASH
    ProvisionedThroughput:
    ReadCapacityUnits: 1
    WriteCapacityUnits: 1
    TableName: ${self:custom.tableName}

微信公众号

© 2018 ray