https://docs.aws.amazon.com/ja_jp/lambda/latest/dg/with-sqs-cross-account-example.html
-- 1. コマンド等のインストール
-- 1.1 aws cli version 2 インストール
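# 1.1 Install AWS CLI v2.
# The installer is downloaded over HTTPS, but the archive is also signed; verify
# the detached signature before unpacking and running it. The AWS CLI public key
# must already be imported into gpg (the key block is published in the AWS CLI
# install documentation and is not reproduced here). `-f` makes curl fail on an
# HTTP error instead of saving an error page as the archive.
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" -o "awscliv2.sig"
# Unpack and install only if the signature verifies.
gpg --verify awscliv2.sig awscliv2.zip \
  && unzip -q awscliv2.zip \
  && sudo ./aws/install \
  && aws --version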
-- 1.2 jqインストール
# 1.2 Install jq (command-line JSON processor, handy for the JSON the AWS CLI prints)
sudo yum -y install jq
-- 2. 実行ロールを作成する[アカウントA]
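# 2. Create the execution role [account A]
# Confirm which account/identity the CLI is acting as before creating anything.
aws sts get-caller-identity
# Trust policy for the role: only the Lambda service principal may assume it.
# The original notes showed the JSON inline; write it to the role01.json file
# that create-role reads below. The quoted delimiter keeps the shell from
# expanding anything inside.
# NOTE(review): consider adding an aws:SourceArn / aws:SourceAccount condition
# so that only functions in this account can assume the role (cross-service
# confused-deputy hardening) — confirm against current Lambda guidance.
cat > role01.json <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
aws iam create-role \
  --role-name role01 \
  --assume-role-policy-document file://role01.json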
-- 3. ポリシーをロールにアタッチ[アカウントA]
# 3. Attach the AWS-managed policy for Lambda SQS polling to the execution
# role [account A]. It grants the queue permissions the poller needs plus
# CloudWatch Logs access, so no custom policy is written here.
aws iam attach-role-policy --role-name role01 \
  --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole
-- 4. Lambda 関数を作成する[アカウントA]
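# 4. Create the Lambda function [account A]
# Handler source. It logs the body of every SQS record in the event and returns
# an empty object. Written via a quoted heredoc so the shell expands nothing.
cat > test.js <<'EOF'
exports.handler = async function(event, context) {
  event.Records.forEach(record => {
    const { body } = record;
    console.log(body);
  });
  return {};
}
EOF
# Lambda only needs to read the module: files in the package must be readable
# by everyone, but a .js file needs no execute bit, so 644 instead of 755.
chmod 644 test.js
zip test.zip test.js
# nodejs12.x is past end of support and new functions can no longer be created
# on it; use a currently supported Node.js runtime.
# If create-function fails saying the role cannot be assumed by Lambda right
# after step 2, IAM has not finished propagating the new role — wait a few
# seconds and retry.
aws lambda create-function \
  --function-name func01 \
  --zip-file fileb://test.zip \
  --handler test.handler \
  --runtime nodejs20.x \
  --role arn:aws:iam::999999999999:role/role01
# Verify the function exists and inspect its configuration.
aws lambda list-functions | grep func01
aws lambda get-function --function-name func01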
-- 5. 関数をテストする[アカウントA]
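# 5. Test the function with a sample SQS event [account A]
# Sample event in the shape Lambda receives from SQS (one record, body "test").
# The original notes showed the JSON inline; write it to the file that invoke
# reads below. Quoted delimiter: no shell expansion inside.
cat > inputfile.txt <<'EOF'
{
  "Records": [
    {
      "messageId": "059f36b4-87a3-44ab-83d2-661975830a7d",
      "receiptHandle": "AQEBwJnKyrHigUMZj6rYigCgxlaS3SLy0a...",
      "body": "test",
      "attributes": {
        "ApproximateReceiveCount": "1",
        "SentTimestamp": "1545082649183",
        "SenderId": "AIDAIENQZJOLO23YVJ4VO",
        "ApproximateFirstReceiveTimestamp": "1545082649185"
      },
      "messageAttributes": {},
      "md5OfBody": "098f6bcd4621d373cade4e832627b4f6",
      "eventSource": "aws:sqs",
      "eventSourceARN": "arn:aws:sqs:us-east-1:123456789012:example-queue",
      "awsRegion": "us-east-1"
    }
  ]
}
EOF
# Synchronous invoke; the handler's return value is written to outputfile.txt.
# --cli-binary-format raw-in-base64-out tells CLI v2 to send the file contents
# as-is instead of expecting base64 (CLI v2's default for blob parameters).
aws lambda invoke \
  --function-name func01 \
  --invocation-type RequestResponse \
  --payload file://inputfile.txt \
  --cli-binary-format raw-in-base64-out \
  outputfile.txt
cat outputfile.txt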
-- 6. Amazon SQS キュー を作成する[アカウントB]
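# 6. Create the Amazon SQS queue [account B]
# Confirm the CLI is now acting as account B (the queue owner).
aws sts get-caller-identity
# Queue policy granting the execution role from account A access to the queue.
# Least privilege: the Lambda poller only needs to receive, delete and inspect
# messages, so grant those three actions instead of sqs:* (sqs:* would also
# let the role send, purge or delete the queue and rewrite this policy).
# Built with jq (installed in step 1.2) so it is readable and correctly
# escaped instead of a hand-escaped single-line string.
queue_policy=$(jq -cn '{
  Version: "2012-10-17",
  Id: "Queue1_Policy_UUID",
  Statement: [{
    Sid: "Queue1_AllActions",
    Effect: "Allow",
    Principal: { AWS: "arn:aws:iam::999999999999:role/role01" },
    Action: ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"],
    Resource: "arn:aws:sqs:ap-northeast-1:888888888888:qu01"
  }]
}')
# The Policy attribute is a JSON string, so the policy document is embedded as
# a string value inside the attributes object.
aws sqs create-queue \
  --queue-name qu01 \
  --attributes "$(jq -cn --arg p "$queue_policy" '{Policy: $p}')"
# Verify the queue and check the policy that was applied.
aws sqs list-queues
aws sqs get-queue-attributes \
  --queue-url https://sqs.ap-northeast-1.amazonaws.com/888888888888/qu01 \
  --attribute-names All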
-- 7. イベントソースを設定する[アカウントA]
# 7. Configure the event source [account A]
# Map the cross-account queue to the function. This works because the queue
# policy in account B names role01 as principal and the poller runs under that
# role. Batch size 1 delivers one message per invocation.
aws lambda create-event-source-mapping --function-name func01 \
  --event-source-arn arn:aws:sqs:ap-northeast-1:888888888888:qu01 \
  --batch-size 1
# Confirm the mapping was created.
aws lambda list-event-source-mappings --function-name func01 \
  --event-source-arn arn:aws:sqs:ap-northeast-1:888888888888:qu01
-- 8. セットアップをテストする[アカウントB]
メッセージ数確認
# Check the queue's attributes (message counts included) [account B]
aws sqs get-queue-attributes --attribute-names All \
  --queue-url https://sqs.ap-northeast-1.amazonaws.com/888888888888/qu01
メッセージ送信
# Send a test message; the function in account A should log its body [account B]
aws sqs send-message --message-body 'Hello World!' \
  --queue-url https://sqs.ap-northeast-1.amazonaws.com/888888888888/qu01
メッセージ受信
# Receive a message directly from the queue [account B]
aws sqs receive-message \
--queue-url https://sqs.ap-northeast-1.amazonaws.com/888888888888/qu01
全メッセージ削除
# Delete every message in the queue [account B]. Irreversible — test setup only.
aws sqs purge-queue \
--queue-url https://sqs.ap-northeast-1.amazonaws.com/888888888888/qu01
-- 9. クリーンアップ
-- SQSキュー削除[アカウントB]
# Delete the SQS queue [account B]
aws sqs list-queues
aws sqs delete-queue \
--queue-url https://sqs.ap-northeast-1.amazonaws.com/888888888888/qu01
※削除してもしばらく消えない
-- Lambda関数の削除[アカウントA]
# Delete the Lambda function [account A]
aws lambda get-function --function-name func01
aws lambda delete-function --function-name func01
-- ロールの削除[アカウントA]
# Delete the execution role [account A]. The managed policy must be detached
# first; delete-role fails while policies are still attached.
aws iam list-roles | grep role01
aws iam detach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole \
  --role-name role01
aws iam delete-role --role-name role01