Я пытаюсь динамически изменять запись DNS в частной размещённой зоне Route 53. Для развёртывания ресурсов я создал шаблон CloudFormation. Стек CloudFormation создаётся успешно, но функция Lambda никогда не запускается.
Если я вручную удаляю и заново добавляю триггер CloudWatch в функцию Lambda через веб-консоль, всё начинает работать нормально. Чего мне не хватает в шаблоне CloudFormation?
# Auto Scaling group for the private subnets. Its two lifecycle hooks produce
# the launch/terminate lifecycle events that esScaleEventRule matches on.
ASGP:
  Type: 'AWS::AutoScaling::AutoScalingGroup'
  Properties:
    AutoScalingGroupName: 'MYScalingGroup'
    Cooldown: 300
    DesiredCapacity: 1
    HealthCheckGracePeriod: 300
    HealthCheckType: 'EC2'
    LaunchConfigurationName: !Ref MYLC
    MaxSize: '3'
    MinSize: '1'
    LifecycleHookSpecificationList:
      # If a hook is not completed within HeartbeatTimeout (60 seconds),
      # DefaultResult applies. With 'CONTINUE' a launching instance goes into
      # service even when the handler never ran, so a silently failing
      # handler does not show up as a stuck instance.
      - LifecycleTransition: 'autoscaling:EC2_INSTANCE_LAUNCHING'
        LifecycleHookName: 'launch_hook'
        HeartbeatTimeout: 60
        DefaultResult: 'CONTINUE'
      - LifecycleTransition: 'autoscaling:EC2_INSTANCE_TERMINATING'
        LifecycleHookName: 'terminate_hook'
        HeartbeatTimeout: 60
        DefaultResult: 'CONTINUE'
    # First two Availability Zones of the region the stack is deployed in.
    AvailabilityZones:
      - !Select
        - 0
        - Fn::GetAZs: !Ref 'AWS::Region'
      - !Select
        - 1
        - Fn::GetAZs: !Ref 'AWS::Region'
    VPCZoneIdentifier:
      - !Ref privateSubnet1
      - !Ref privateSubnet2
# Lambda function that handles the scaling events. It runs with the
# permissions of asgLifeCycleRole.
MyLambda:
  Type: 'AWS::Lambda::Function'
  Properties:
    # '<bucket>' and '<path-to-zip>' are placeholders for the deployment
    # package location.
    Code:
      S3Bucket: '<bucket>'
      S3Key: '<path-to-zip>'
    Description: 'Lambda function to handle scaling events'
    FunctionName: 'lambda_handler'
    Handler: 'lambda_handler.lambda_handler'
    Role: !GetAtt asgLifeCycleRole.Arn
    # NOTE(review): python3.6 is past end of support on AWS Lambda and no
    # longer receives security patches; move to a currently supported Python
    # runtime.
    Runtime: 'python3.6'
    Tags:
      - Key: 'Name'
        Value: 'LAMBDA'
# Events rule that forwards lifecycle-action events of the ASGP group to
# MyLambda.
esScaleEventRule:
  Type: 'AWS::Events::Rule'
  Properties:
    Description: 'Rule to match Cloudwatch Scale Event to Lambda function'
    # Matches only Auto Scaling launch/terminate lifecycle actions, and only
    # for the group created by this template (!Ref ASGP yields its name).
    EventPattern:
      source:
        - 'aws.autoscaling'
      detail-type:
        - 'EC2 Instance-launch Lifecycle Action'
        - 'EC2 Instance-terminate Lifecycle Action'
      detail:
        AutoScalingGroupName:
          - !Ref ASGP
    Name: 'eventRule'
    State: 'ENABLED'
    # The rule can invoke this target only if the function's resource policy
    # allows events.amazonaws.com; that grant is the LambdaPermission
    # resource.
    Targets:
      - Arn: !GetAtt MyLambda.Arn
        Id: 'MyLambda'
# Resource-based policy statement that lets the Events service invoke
# MyLambda.
LambdaPermission:
  Type: 'AWS::Lambda::Permission'
  Properties:
    Action: 'lambda:InvokeFunction'
    FunctionName: !GetAtt MyLambda.Arn
    Principal: 'events.amazonaws.com'
    # NOTE(review): SourceArn below already pins the rule, and the rule ARN
    # carries the account ID, so SourceAccount looks redundant. Confirm
    # whether this extra condition is what stops the rule from invoking the
    # function; the console-created trigger that works may set SourceArn only.
    SourceAccount: !Ref 'AWS::AccountId'
    # Keep SourceArn: it restricts invocation to this one rule, so other
    # rules sharing the service principal cannot trigger the function.
    SourceArn: !GetAtt esScaleEventRule.Arn
# Execution role assumed by the Lambda service for MyLambda.
asgLifeCycleRole:
  Type: 'AWS::IAM::Role'
  Properties:
    # Trust policy: only the Lambda service may assume this role.
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: 'Allow'
          Principal:
            Service:
              - 'lambda.amazonaws.com'
          Action:
            - 'sts:AssumeRole'
    Path: '/'
    # A fixed RoleName means the stack must be deployed with the
    # CAPABILITY_NAMED_IAM capability.
    RoleName: 'dns_role'
    Policies:
      - PolicyName: 'mypolicy'
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            # NOTE(review): one statement grants everything below on
            # Resource '*'. 'route53:*' and 'dynamodb:*' allow every
            # Route 53 and DynamoDB action on every resource in the account,
            # far more than updating one record in one private hosted zone
            # needs. Narrow to the actions the handler actually calls (for
            # record updates, route53:ChangeResourceRecordSets) and to the
            # specific ARNs, e.g. arn:aws:route53:::hostedzone/<zone-id>
            # (placeholder). Whether DynamoDB is used at all is not visible
            # here; confirm against the handler code.
            - Effect: 'Allow'
              Action:
                # Auto Scaling: read group state and complete the hook.
                - 'autoscaling:DescribeLifecycleHookTypes'
                - 'autoscaling:DescribeAutoScalingInstances'
                - 'autoscaling:CompleteLifecycleAction'
                - 'autoscaling:DescribeAutoScalingGroups'
                - 'autoscaling:DescribeTags'
                - 'autoscaling:DescribeLifecycleHooks'
                # EC2: read-only describe calls.
                - 'ec2:Describe*'
                # CloudWatch Logs: function logging.
                - 'logs:CreateLogGroup'
                - 'logs:CreateLogStream'
                - 'logs:PutLogEvents'
                # Service-wide wildcards; see the review note above this
                # statement.
                - 'route53:*'
                - 'dynamodb:*'
              Resource: '*'