triggers field

Parameter NameRequiredTypeParameter Description
nameTrueStringtrigger name
typeTrueEnumtrigger type
roleFalseStringUse the ARN of a RAM role to specify the execution role for the function, the event source will use this role to trigger the function execution, please ensure that the role has the permission to call the function
sourceArnFalseStringARN of the trigger event source
qualifierFalseStringVersion or alias of trigger function, default LATEST
configTrueStructTrigger configuration, including [OSS trigger](#OSS trigger), Log trigger, Log trigger, [Timer trigger](#Timer trigger), [Http trigger](#Http trigger), [MNS trigger](#MNS trigger), [CDN trigger](#CDN trigger)

type currently supports: http, timer, oss, log, mns_topic, cdn_events, tablestore

OSS triggers

Parameter NameRequiredTypeParameter Description
bucketNameTrueStringTarget bucket name in OSS
eventsTrueList<String>The list of events that trigger the function execution on the OSS side, Document: https://www.alibabacloud.com/help/en/doc-detail/62922.html#section-mf3-l4l-1nf
filterTrueStructTrigger condition

Examples:

triggers:  
  - name: oss    
    sourceArn: acs:oss:<region>:<account-id>:<buckctName>    
    type: oss    
    role: acs:ram::<account-id>:role/aliyunosseventnotificationrole    
    # qualifier: LATEST    
    config:      
      events:        
        - oss:ObjectCreated:*      
      filter:       
        Key:          
          Prefix: pppppppp          
          Suffix: ''
Sub-account permissions
Maximum permissions

AliyunFCFullAccess, AliyunOSSFullAccess

Operating minimum permissions
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:UpdateTrigger",
                "fc:DeleteTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*"
        },
        {
            "Action":"ram:PassRole",
            "Effect":"Allow",
            "Resource":"*"
        },
        {
            "Action":[
                "oss:ListBucket",
                "oss:GetBucketEventNotification",
                "oss:PutBucketEventNotification",
                "oss:DeleteBucketEventNotification"
            ],
            "Effect":"Allow",
            "Resource":"*"
        }
    ]
}
Trigger role permissions
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:InvokeFunction"
            ],
            "Resource":"*",
            "Effect":"Allow"
        }
    ]
}

filter

Parameter NameRequiredTypeParameter Description
KeyFalseStructkey value
Key
Parameter NameRequiredTypeParameter Description
PrefixFalseStringPrefix
SuffixFalseStringSuffix

Log trigger

Parameter NameRequiredTypeParameter Description
logConfigTrueStructLog Configuration
jobConfigTrueStructjob configuration
sourceConfigTrueStructsource configuration
functionParameterTrueStructThis parameter will be passed into the function as the Parameter of the function Event. The default value is empty ({})
enableTrueBooleanTrigger switch

References:

triggers:  
  - name: log    
    sourceArn: acs:log:<region>:<account-id>:project/<projectName>    
    type: log    
    role: acs:ram::<account-id>:role/aliyunlogetlrole    
    # qualifier: LATEST    
    config:      
      sourceConfig:        
        logstore: log      
      jobConfig:        
        maxRetryTime: 3        
        triggerInterval: 60      
      functionParameter: {}      
      logConfig:        
        project: test-data-abc-ss        
        logstore: log2      
      enable: false
Sub-account permissions
Maximum permissions

AliyunFCFullAccess, AliyunLogFullAccess

Operating minimum permissions
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:UpdateTrigger",
                "fc:DeleteTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*"
        },
        {
            "Action":"ram:PassRole",
            "Effect":"Allow",
            "Resource":"*"
        },
        {
            "Effect":"Allow",
            "Action":[
                "log:GetEtlJob",
                "log:UpdateEtlJob",
                "log:CreateEtlJob",
                "log:DeleteEtlJob"
            ],
            "Resource":"*"
        }
    ]
}
Trigger role permissions
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:InvokeFunction"
            ],
            "Resource":"*",
            "Effect":"Allow"
        },
        {
            "Action":[
                "log:Get*",
                "log:List*",
                "log:PostProjectQuery",
                "log:PutProjectQuery",
                "log:DeleteProjectQuery",
                "log:GetProjectQuery",
                "log:PostLogStoreLogs",
                "log:BatchPostLogStoreLogs",
                "log:CreateConsumerGroup",
                "log:UpdateConsumerGroup",
                "log:DeleteConsumerGroup",
                "log:ListConsumerGroup",
                "log:ConsumerGroupUpdateCheckPoint",
                "log:ConsumerGroupHeartBeat",
                "log:GetConsumerGroupCheckPoint"
            ],
            "Resource":"*",
            "Effect":"Allow"
        }
    ]
}

logConfig

Parameter NameRequiredTypeParameter Description
projectFalseStringLog project name
logstoreFalseStringThe name of the log store, the log of the function execution process triggered by the log service will be recorded in the log store

jobConfig

Parameter NameRequiredTypeParameter Description
maxRetryTimeFalseStringIndicates the maximum number of attempts allowed if an error is encountered when the log service triggers the function execution, the value range: [0,100]
triggerIntervalFalseStringThe time interval at which the log service triggers the function to run, value range: [3,600], unit: second

sourceConfig

Parameter NameRequiredTypeParameter Description
logstoreFalseStringThe trigger will periodically subscribe data from the log store to the function service for custom processing

functionParameter

Object format, for example:

TempKey: tempValue

Timer trigger

Parameter NameRequiredTypeParameter Description
cronExpressionTrueStringTime trigger expression, supports two settings: @every, cron expression
enableTrueBooleanWhether to enable this trigger
payloadFalseStringRepresents the input content of the trigger event itself

References:

triggers:  
  - name: timer    
    type: timer    
    # qualifier: LATEST    
    config:    
      payload: '{"s": "ss"}'    
      cronExpression: '@every 100m'    
      enable: false
Function permissions required by the sub-account
Maximum permissions

AliyunFCFullAccess

Least privilege
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:DeleteTrigger",
                "fc:UpdateTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/<serviceName>/functions/<functionName>/triggers/<triggerName>"
        }
    ]
}

Http trigger

Parameter NameRequiredTypeParameter Description
authTypeTrueStringAuthentication type, optional values: anonymous, function
methodsTrueList<String>Access methods supported by HTTP triggers, optional values: GET, POST, PUT, DELETE, HEAD

Examples:

triggers:  
  - name: httpTrigger    
    type: http    
    # qualifier: LATEST    
    config:      
      authType: anonymous      
      methods:        
        - GET
Function permissions required by the sub-account
Maximum permissions

AliyunFCFullAccess

Least privilege
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:DeleteTrigger",
                "fc:UpdateTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/<serviceName>/functions/<functionName>/triggers/<triggerName>"
        }
    ]
}

MNS Triggers

Parameter NameRequiredTypeParameter Description
topicNameTrueStringmns topic name
regionFalseListThe region where the mns topic is located, if not filled, the default is the same region as the function
notifyContentFormatFalseStringThe format of the input parameter event pushed to the function, optional values: STREAM, JSON
notifyStrategyFalseStringRetry strategy for calling the function, optional values: BACKOFF_RETRY, EXPONENTIAL_DECAY_RETRY
filterTagFalseStringDescribes the tag of message filtering in this subscription (only messages with the same tag will be pushed), a string of no more than 16 characters, message filtering is not performed by default, that is, this field is not filled in by default

References:

triggers:  
  - name: mns    
    sourceArn: acs:mns:<region>:<account-id>:/topics/test    
    type: mns_topic    
    role: acs:ram::<account-id>:role/aliyunmnsnotificationrole    
    # qualifier: LATEST    
    config:      
      filterTag: ss      
      notifyContentFormat: STREAM      
      notifyStrategy: BACKOFF_RETRY
Function permissions required by the sub-account
Maximum permissions

AliyunFCFullAccess, AliyunMNSFullAccess

Operating minimum permissions
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:UpdateTrigger",
                "fc:DeleteTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*"
        },
        {
            "Action":"ram:PassRole",
            "Effect":"Allow",
            "Resource":"*"
        },
        {
            "Effect":"Allow",
            "Action":[
                "mns:Subscribe",
                "mns:Unsubscribe"
            ],
            "Resource":"*"
        }
    ]
}
Trigger role permissions
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:InvokeFunction"
            ],
            "Resource":"*",
            "Effect":"Allow"
        }
    ]
}

CDN Triggers

Parameter NameRequiredTypeParameter Description
eventNameTrueStringThe event that triggers function execution on the CDN side, once created, cannot be changed
eventVersionTrueStringThe version that triggers the function execution event on the CDN side, once created, it cannot be changed
notesTrueStringNotes information
filterTrueStructFilter (requires at least one filter)

References:

triggers:  
  - name: cdn    
    sourceArn: acs:cdn:*:<account-id>    
    type: cdn_events    
    role: <roleArn>    
    # qualifier: LATEST    
    config:      
      eventName: CachedObjectsBlocked      
      eventVersion: 1.0.0      
      notes: shshhs      
      filter:        
        domain:         
          - sss
Sub-account permissions
Maximum permissions

AliyunFCFullAccess, AliyunCDNFullAccess

Operating minimum permissions
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:UpdateTrigger",
                "fc:DeleteTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*"
        },
        {
            "Action":"ram:PassRole",
            "Effect":"Allow",
            "Resource":"*"
        },
        {
            "Effect":"Allow",
            "Action":[
                "cdn:UpdateFCTrigger",
                "cdn:DeleteFCTrigger",
                "cdn:DescribeFCTrigger",
                "cdn:AddFCTrigger"
            ],
            "Resource":"*"
        }
    ]
}
Trigger role permissions
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:InvokeFunction"
            ],
            "Resource":"*",
            "Effect":"Allow"
        }
    ]
}

filter

Parameter NameRequiredTypeParameter Description
domainTrueList<String>Collection of filter parameter values

Tablestore triggers

Parameter NameRequiredTypeParameter Description
instanceNameTrueStringName of the Tablestore instance
tableNameTrueStringtable name in instance

References:

triggers:  
  - name: ots    
    sourceArn: acs:ots:<region>:<account-id>:instance/<instance>/table/<table>    
    type: tablestore    
    role: acs:ram::<account-id>:role/AliyunTableStoreStreamNotificationRole    
    # qualifier: 1 
    # LATEST    
    config: 
      instanceName: xxx
      tableName: xxx
Function permissions required by the sub-account
Maximum permissions

AliyunFCFullAccess, AliyunOTSFullAccess

Operating minimum permissions
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:UpdateTrigger",
                "fc:DeleteTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*"
        },
        {
            "Action":"ram:PassRole",
            "Effect":"Allow",
            "Resource":"*"
        },
        {
            "Effect":"Allow",
            "Action":[
                "ots:GetTrigger",
                "ots:UpdateTrigger",
                "ots:CreateTrigger",
                "ots:DeleteTrigger"
            ],
            "Resource":"*"
        }
    ]
}
Trigger role permissions
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "ots:BatchGet*",
                "ots:Describe*",
                "ots:Get*",
                "ots:List*"
            ],
            "Resource":"*",
            "Effect":"Allow"
        },
        {
            "Action":[
                "fc:InvokeFunction"
            ],
            "Resource":"*",
            "Effect":"Allow"
        }
    ]
}
Edit this page on GitHub Updated at Wed, Sep 21, 2022