AWS China Region Lambda Deployment Guide
Deploying Lambda + API Gateway with the Serverless Framework:
-
The Lambda service is currently available only in the Beijing region (cn-north-1); the Ningxia region (cn-northwest-1) does not support it at present.
-
When deploying the API, you need to configure the Principal for API Gateway, as follows:

    resources:
      Resources:
        AppLambdaPermissionApiGateway:
          Properties:
            Principal: apigateway.amazonaws.com
-
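The deployed API cannot be accessed directly. You need to either configure a domain name that has an ICP filing with Sinnet (光环新网), or access the interface using aws_iam authorization, configured as follows:

    functions:
      app:
        handler: index.handler
        events:
          - http:
              method: ANY
              path: /
              authorizer: aws_iam

To access the API with Postman, set the Authorization type to AWS Signature, enter the AccessKey and SecretKey of an IAM account, set AWS Region to cn-north-1, and set Service Name to execute-api.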
-
Do not configure environment under provider or functions; this setting is not supported in the cn-north-1 region.
-
The following is a simple serverless configuration:

    service: serverless-aap2

    custom:
      tableName: 'users-table-${self:provider.stage}'
      dynamodb:
        start:
          migrate: true

    provider:
      name: aws
      runtime: nodejs8.10
      stage: dev
      endpointType: REGIONAL
      region: cn-north-1
      iamRoleStatements:
        - Effect: Allow
          Action:
            - dynamodb:Query
            - dynamodb:Scan
            - dynamodb:GetItem
            - dynamodb:PutItem
            - dynamodb:UpdateItem
            - dynamodb:DeleteItem
          Resource:
            - { "Fn::GetAtt": ["UsersDynamoDBTable", "Arn" ] }
      #environment:
      #  USERS_TABLE: ${self:custom.tableName}

    plugins:
      - serverless-dynamodb-local
      - serverless-offline

    functions:
      app:
        handler: index.handler
        events:
          - http:
              method: ANY
              path: /
              authorizer: aws_iam
          - http:
              method: ANY
              path: '{proxy+}'
              authorizer: aws_iam

    resources:
      Resources:
        AppLambdaPermissionApiGateway:
          Properties:
            Principal: apigateway.amazonaws.com
        UsersDynamoDBTable:
          Type: 'AWS::DynamoDB::Table'
          Properties:
            AttributeDefinitions:
              -
                AttributeName: userId
                AttributeType: S
            KeySchema:
              -
                AttributeName: userId
                KeyType: HASH
            ProvisionedThroughput:
              ReadCapacityUnits: 1
              WriteCapacityUnits: 1
            TableName: ${self:custom.tableName}
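
The aws_iam authorizer and the Postman "AWS Signature" settings described above rely on AWS Signature Version 4. The Python sketch below is an added example, not code from the original post: it shows how the region (cn-north-1) and service name (execute-api) are bound into the signature, so a request signed for another region or service does not validate. The API id abc123, the access key and the secret are constructed values; the receiving side is a simplified model, and only requests without a query string are covered.

```python
import hashlib
import hmac

# Constructed sample values: not real credentials and not a real API id.
ACCESS_KEY = "AKIDEXAMPLE"
SECRET_KEY = "constructed-secret-for-illustration"
HOST = "abc123.execute-api.cn-north-1.amazonaws.com.cn"

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign(method, path, amz_date, region="cn-north-1", service="execute-api", body=b""):
    """Return SigV4 headers for a request that has no query string."""
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    canonical = "\n".join([
        method, path, "",                          # method, URI, empty query string
        f"host:{HOST}\nx-amz-date:{amz_date}\n",   # canonical headers
        "host;x-amz-date",                         # signed header names
        hashlib.sha256(body).hexdigest(),          # payload hash
    ])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # The signing key is derived from the date, region and service in turn.
    key = _hmac(("AWS4" + SECRET_KEY).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    sig = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    auth = (f"AWS4-HMAC-SHA256 Credential={ACCESS_KEY}/{scope}, "
            f"SignedHeaders=host;x-amz-date, Signature={sig}")
    return {"Host": HOST, "X-Amz-Date": amz_date, "Authorization": auth}

def gateway_would_accept(method, path, headers, body=b""):
    """Simplified model of the receiving side: recompute with its own scope."""
    expected = sign(method, path, headers["X-Amz-Date"], body=body)
    return hmac.compare_digest(expected["Authorization"], headers["Authorization"])

if __name__ == "__main__":
    when = "20240101T000000Z"  # constructed timestamp
    good = sign("GET", "/dev/", when)
    wrong_region = sign("GET", "/dev/", when, region="us-east-1")
    wrong_service = sign("GET", "/dev/", when, service="lambda")
    print(good["Authorization"])
    print("cn-north-1 / execute-api:", gateway_would_accept("GET", "/dev/", good))
    print("us-east-1 region:", gateway_would_accept("GET", "/dev/", wrong_region))
    print("wrong service name:", gateway_would_accept("GET", "/dev/", wrong_service))
```
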