triggers字段

参数名必填类型参数描述
nameTrueString触发器名称
typeTrueEnum触发器类型
roleFalseString使用一个 RAM 角色的 ARN 为函数指定执行角色,事件源会使用该角色触发函数执行,请确保该角色有调用函数的权限
sourceArnFalseString触发器事件源的 ARN
qualifierFalseString触发器函数的版本或者别名,默认 LATEST
configTrueStruct触发器配置,包括OSS触发器, Log触发器, Log触发器, Timer触发器, Http触发器, MNS触发器, CDN触发器, EventBridge触发器

type目前支持:http, timer, oss, log, mns_topic, cdn_events, tablestore, eventbridge

OSS触发器

参数名必填类型参数描述
bucketNameTrueStringOSS 中目标 bucket 名称
eventsTrueList<String>OSS 端触发函数执行的事件列表, 相关文档:https://help.aliyun.com/document_detail/62922.html#section-mf3-l4l-1nf
filterTrueStruct触发条件

参考案例:

triggers:  
  - name: oss    
    sourceArn: acs:oss:<region>:<account-id>:<buckctName>    
    type: oss    
    role: acs:ram::<account-id>:role/aliyunosseventnotificationrole    
    # qualifier: LATEST    
    config:      
      events:        
        - oss:ObjectCreated:*      
      filter:       
        Key:          
          Prefix: pppppppp          
          Suffix: ''

权限配置相关

子账号权限
最大权限

AliyunFCFullAccessAliyunOSSFullAccess

操作最小权限
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:UpdateTrigger",
                "fc:DeleteTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*"
        },
        {
            "Action":"ram:PassRole",
            "Effect":"Allow",
            "Resource":"*"
        },
        {
            "Action":[
                "oss:ListBucket",
                "oss:GetBucketEventNotification",
                "oss:PutBucketEventNotification",
                "oss:DeleteBucketEventNotification"
            ],
            "Effect":"Allow",
            "Resource":"*"
        }
    ]
}
触发器角色权限
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:InvokeFunction"
            ],
            "Resource":"*",
            "Effect":"Allow"
        }
    ]
}

filter

参数名必填类型参数描述
KeyTrueStruct键值
Key
参数名必填类型参数描述
PrefixTrueString前缀
SuffixTrueString后缀

Log触发器

参数名必填类型参数描述
logConfigTrueStruct日志配置
jobConfigTrueStructjob配置
sourceConfigTrueStructsource配置
functionParameterTrueStruct该参数将作为函数Event的Parameter传入函数。默认值为空({})
enableTrueBoolean触发器开关

参考案例:

triggers:  
  - name: log    
    sourceArn: acs:log:<region>:<account-id>:project/<projectName>    
    type: log    
    role: acs:ram::<account-id>:role/aliyunlogetlrole    
    # qualifier: LATEST    
    config:      
      sourceConfig:        
        logstore: log      
      jobConfig:        
        maxRetryTime: 3        
        triggerInterval: 60      
      functionParameter: {}      
      logConfig:        
        project: test-data-abc-ss        
        logstore: log2      
      enable: false

权限配置相关

子账号权限
最大权限

AliyunFCFullAccessAliyunLogFullAccess

最小权限
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:UpdateTrigger",
                "fc:DeleteTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*"
        },
        {
            "Action":"ram:PassRole",
            "Effect":"Allow",
            "Resource":"*"
        },
        {
            "Effect":"Allow",
            "Action":[
                "log:GetEtlJob",
                "log:UpdateEtlJob",
                "log:CreateEtlJob",
                "log:DeleteEtlJob"
            ],
            "Resource":"*"
        }
    ]
}
触发器角色权限
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:InvokeFunction"
            ],
            "Resource":"*",
            "Effect":"Allow"
        },
        {
            "Action":[
                "log:Get*",
                "log:List*",
                "log:PostProjectQuery",
                "log:PutProjectQuery",
                "log:DeleteProjectQuery",
                "log:GetProjectQuery",
                "log:PostLogStoreLogs",
                "log:BatchPostLogStoreLogs",
                "log:CreateConsumerGroup",
                "log:UpdateConsumerGroup",
                "log:DeleteConsumerGroup",
                "log:ListConsumerGroup",
                "log:ConsumerGroupUpdateCheckPoint",
                "log:ConsumerGroupHeartBeat",
                "log:GetConsumerGroupCheckPoint"
            ],
            "Resource":"*",
            "Effect":"Allow"
        }
    ]
}

logConfig

参数名必填类型参数描述
projectTrueString日志项目名称
logstoreTrueString日志仓库名称,日志服务触发函数执行过程的日志会记录到该日志仓库中

jobConfig

参数名必填类型参数描述
maxRetryTimeFalseString表示日志服务触发函数执行时,如果遇到错误,所允许的最大尝试次数,取值范围:[0,100]
triggerIntervalFalseString日志服务触发函数运行的时间间隔,取值范围:[3,600],单位:秒

sourceConfig

参数名必填类型参数描述
logstoreTrueString触发器会定时从该日志仓库中订阅数据到函数服务进行自定义加工

functionParameter

Object格式,例如:

TempKey: tempValue

Timer触发器

参数名必填类型参数描述
cronExpressionTrueString时间触发器表达式,支持两种设置:@every、cron 表达式
enableTrueBoolean是否启用该触发器
payloadFalseString代表触发器事件本身的输入内容

参考案例:

triggers:  
  - name: timer    
    type: timer    
    # qualifier: LATEST    
    config:    
      payload: '{"s": "ss"}'    
      cronExpression: '@every 100m'    
      enable: false

权限配置相关

子账号需要的函数权限
最大权限

AliyunFCFullAccess

最小权限
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:DeleteTrigger",
                "fc:UpdateTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/<serviceName>/functions/<functionName>/triggers/<triggerName>"
        }
    ]
}

Http触发器

参数名必填类型参数描述
authTypeTrueString鉴权类型,可选值:anonymous、function
methodsTrueList<String>HTTP 触发器支持的访问方法,可选值:GET、POST、PUT、DELETE、HEAD

参考案例:

triggers:  
  - name: httpTrigger    
    type: http    
    # qualifier: LATEST    
    config:      
      authType: anonymous      
      methods:        
        - GET

权限配置相关

子账号需要的函数权限
最大权限

AliyunFCFullAccess

最小权限
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:DeleteTrigger",
                "fc:UpdateTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/<serviceName>/functions/<functionName>/triggers/<triggerName>"
        }
    ]
}

MNS触发器

参数名必填类型参数描述
topicNameTrueStringmns topic的名字
regionFalseListmns topic 所在的 region,如果不填,默认为和函数一样的 region
notifyContentFormatFalseString推送给函数入参 event 的格式,可选值:STREAM, JSON
notifyStrategyFalseString调用函数的重试策略,可选值:BACKOFF_RETRY, EXPONENTIAL_DECAY_RETRY
filterTagFalseString描述了该订阅中消息过滤的标签(标签一致的消息才会被推送),不超过 16 个字符的字符串,默认不进行消息过滤,即默认不填写该字段

参考案例:

triggers:  
  - name: mns    
    sourceArn: acs:mns:<region>:<account-id>:/topics/test    
    type: mns_topic    
    role: acs:ram::<account-id>:role/aliyunmnsnotificationrole    
    # qualifier: LATEST    
    config:      
      filterTag: ss      
      notifyContentFormat: STREAM      
      notifyStrategy: BACKOFF_RETRY

权限配置相关

子账号需要的函数权限
最大权限

AliyunFCFullAccessAliyunMNSFullAccess

最小权限
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:UpdateTrigger",
                "fc:DeleteTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*"
        },
        {
            "Action":"ram:PassRole",
            "Effect":"Allow",
            "Resource":"*"
        },
        {
            "Effect":"Allow",
            "Action":[
                "mns:Subscribe",
                "mns:Unsubscribe"
            ],
            "Resource":"*"
        }
    ]
}
触发器角色权限
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:InvokeFunction"
            ],
            "Resource":"*",
            "Effect":"Allow"
        }
    ]
}

CDN触发器

参数名必填类型参数描述
eventNameTrueString为 CDN 端触发函数执行的事件,一经创建不能更改
eventVersionTrueString为 CDN 端触发函数执行事件的版本,一经创建不能更改
notesTrueString备注信息
filterTrueStruct过滤器(至少需要一个过滤器)

参考案例:

triggers:  
  - name: cdn    
    sourceArn: acs:cdn:*:<account-id>    
    type: cdn_events    
    role: <roleArn>    
    # qualifier: LATEST    
    config:      
      eventName: CachedObjectsBlocked      
      eventVersion: 1.0.0      
      notes: shshhs      
      filter:        
        domain:         
          - sss

权限配置相关

子账号权限
最大权限

AliyunFCFullAccessAliyunCDNFullAccess

最小权限
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:UpdateTrigger",
                "fc:DeleteTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*"
        },
        {
            "Action":"ram:PassRole",
            "Effect":"Allow",
            "Resource":"*"
        },
        {
            "Effect":"Allow",
            "Action":[
                "cdn:UpdateFCTrigger",
                "cdn:DeleteFCTrigger",
                "cdn:DescribeFCTrigger",
                "cdn:AddFCTrigger"
            ],
            "Resource":"*"
        }
    ]
}
触发器角色权限
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:InvokeFunction"
            ],
            "Resource":"*",
            "Effect":"Allow"
        }
    ]
}

filter

参数名必填类型参数描述
domainTrueList<String>过滤参数值的集合

Tablestore 触发器

参数名必填类型参数描述
instanceNameTrueString表格存储实例的名称
tableNameTrueString实例中的表名称

参考案例:

triggers:  
  - name: ots    
    sourceArn: acs:ots:<region>:<account-id>:instance/<instance>/table/<table>    
    type: tablestore    
    role: acs:ram::<account-id>:role/AliyunTableStoreStreamNotificationRole    
    # qualifier: 1 
    # LATEST    
    config: 
      instanceName: xxx
      tableName: xxx

权限配置相关

子账号需要的函数权限
最大权限

AliyunFCFullAccessAliyunOTSFullAccess

最小权限
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:UpdateTrigger",
                "fc:DeleteTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*"
        },
        {
            "Action":"ram:PassRole",
            "Effect":"Allow",
            "Resource":"*"
        },
        {
            "Effect":"Allow",
            "Action":[
                "ots:GetTrigger",
                "ots:UpdateTrigger",
                "ots:CreateTrigger",
                "ots:DeleteTrigger"
            ],
            "Resource":"*"
        }
    ]
}
触发器角色权限
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "ots:BatchGet*",
                "ots:Describe*",
                "ots:Get*",
                "ots:List*"
            ],
            "Resource":"*",
            "Effect":"Allow"
        },
        {
            "Action":[
                "fc:InvokeFunction"
            ],
            "Resource":"*",
            "Effect":"Allow"
        }
    ]
}

EventBridge触发器

参数名必填类型参数描述
triggerEnableFalseBoolean触发器禁用开关。等同于 EventBridge 侧对应事件规则的禁用开关
asyncInvocationTypeFalseBoolean触发器调用函数的方式。目前支持同步调用以及异步调用
eventSourceConfigTrueStruct事件源配置
eventRuleFilterPatternTrueString事件模式。JSON 格式,详细规则可以参考 EventBridge 事件模式官方文档

参考案例:

triggers:  
  - name: eventbridgeTriggerWithDefaultSource    
    # sourceArn: acs:eventbridge:<region>:<accountID>:eventbus/<eventBusName>/rule/<eventRuleName>    
    type: eventbridge        
    # qualifier: LATEST    
    config:      
      triggerEnable: true
      asyncInvocationType: false
      eventRuleFilterPattern: '{"source":["acs.oss"],"type":["oss:BucketCreated:PutBucket"]}'
      eventSourceConfig:
        eventSourceType: Default
  - name: eventbridgeTriggerWithMNSSource    
    # sourceArn: acs:eventbridge:<region>:<accountID>:eventbus/<eventBusName>/rule/<eventRuleName>    
    type: eventbridge        
    # qualifier: LATEST    
    config:      
      triggerEnable: true
      asyncInvocationType: false
      eventRuleFilterPattern: '{"source":["MNS-${functionName}-eventbridgeTriggerWithMNSSource"]}'
      eventSourceConfig:
        eventSourceType: MNS
        eventSourceParameters:
          sourceMNSParameters:
            QueueName: gjl-test
            IsBase64Decode: false
  - name: eventbridgeTriggerWithRocketMQSource    
    # sourceArn: acs:eventbridge:<region>:<accountID>:eventbus/<eventBusName>/rule/<eventRuleName>    
    type: eventbridge        
    # qualifier: LATEST    
    config:      
      triggerEnable: true
      asyncInvocationType: false
      eventRuleFilterPattern: '{"source":["RocketMQ-${functionName}-eventbridgeTriggerWithRocketMQSource"]}'
      eventSourceConfig:
        eventSourceType: RocketMQ
        eventSourceParameters:
          sourceRocketMQParameters:
            RegionId: cn-hangzhou
            InstanceId: MQ_INST_164901546557****_BAAN****   
            GroupID: GID_group1    
            Topic: mytopic    
            Timestamp: 1636597951984
  - name: eventbridgeTriggerWithRabbitMQSource    
    # sourceArn: acs:eventbridge:<region>:<accountID>:eventbus/<eventBusName>/rule/<eventRuleName>    
    type: eventbridge        
    # qualifier: LATEST    
    config:      
      triggerEnable: true
      asyncInvocationType: false
      eventRuleFilterPattern: '{"source":["RabbitMQ-${functionName}-eventbridgeTriggerWithRabbitMQSource"]}'
      eventSourceConfig:
        eventSourceType: RabbitMQ
        eventSourceParameters:
          sourceRabbitMQParameters:
            RegionId: cn-hangzhou
            InstanceId: amqp-cn-******   
            QueueName: test-queue    
            VirtualHostName: test-virtual

权限配置相关

子账号权限
最大权限

AliyunFCFullAccessAliyunEventBridgeFullAccess

操作最小权限
{
    "Version":"1",
    "Statement":[
        {
            "Action":[
                "fc:GetTrigger",
                "fc:CreateTrigger",
                "fc:UpdateTrigger",
                "fc:DeleteTrigger"
            ],
            "Effect":"Allow",
            "Resource":"acs:fc:<region>:<account-id>:services/*/functions/*/triggers/*"
        },
        {
            "Action":"ram:PassRole",
            "Effect":"Allow",
            "Resource":"*"
        },
        {
            "Action":[
                "eventbridge:CreateEventBus",
                "eventbridge:GetEventBus",
                "eventbridge:DeleteEventBus",
                "eventbridge:CreateRule",
                "eventbridge:GetRule",
                "eventbridge:UpdateRule",
                "eventbridge:EnableRule",
                "eventbridge:DisableRule",
                "eventbridge:DeleteRule",
                "eventbridge:ListRules",
                "eventbridge:UpdateTargets",
                "eventbridge:DeleteTargets",
                "eventbridge:ListTargets"
            ],
            "Effect":"Allow",
            "Resource":"*"
        }
    ]
}
触发器角色权限

EventBridge 触发器创建时无需指定 role,但是需要在开通 EventBridge 产品后,进行 SLR 授权,授权方式有如下两种:

  • 在控制台点击授权
  • 通过 terraform 进行授权,terraform 授权代码如下所示:
provider "alicloud" {
  access_key = "${alicloud_access_key}"
  secret_key = "${aliclou_secret_key}"
  region     = "cn-hangzhou"
}


resource "alicloud_event_bridge_service_linked_role" "service_linked_role" {
  product_name = "AliyunServiceRoleForEventBridgeSendToFC"
}

eventSourceConfig

参数名必填类型参数描述
eventSourceTypeTrueString触发器事件源类型,目前支持如下四种触发源:
1. Default:表示 EventBridge 官方触发源
2. MNS:消息队列 MNS 队列作为触发源
3. RocketMQ:消息队列 RockerMQ 作为触发源
4. RabbitMQ:消息队列 RabbitMQ 作为触发源

注:该字段不可更新,更新时传入该字段将被忽略
eventSourceParametersFalseStruct自定义事件源参数,自定义事件源包括:MNS,RocketMQ,RabbitMQ

eventSourceParameters

参数名必填类型参数描述
sourceMNSParametersFalseStruct事件源为消息服务 MNS 时的自定义参数配置
sourceRocketMQParametersFalseStruct事件源为消息服务 RockerMQ 时的自定义参数配置
sourceRabbitMQParametersFalseStruct事件源为消息服务 RabbitMQ 时的自定义参数配置

sourceMNSParameters

参数名必填类型参数描述
RegionIdFalseString消息服务 MNS Queue 所属地域
QueueNameTrueString消息服务MNS的Queue的名称
IsBase64DecodeFalseBoolean是否开启Base64编码。默认为true

sourceRocketMQParameters

参数名必填类型参数描述
RegionIdFalseString消息队列RocketMQ版的实例所属地域
InstanceIdTrueString消息队列RocketMQ版的实例ID。更多信息,请参见使用限制
TopicTrueString消息队列RocketMQ版实例的Topic名称。更多信息,请参见使用限制
TagFalseString消息的过滤标签
OffsetFalseString消息的消费位点。取值说明如下:
1. CONSUME_FROM_LAST_OFFSET:从最新位点开始消费。
2. CONSUME_FROM_FIRST_OFFSET:从最早位点开始消费。
3. CONSUME_FROM_TIMESTAMP:从指定时间点的位点开始消费。

默认值:CONSUME_FROM_LAST_OFFSET
TimestampFalseNumber时间戳。仅当参数Offset取值为CONSUME_FROM_TIMESTAMP时,该参数有效
GroupIDTrueString消息队列RocketMQ版的Group ID

sourceRabbitMQParameters

参数名必填类型参数描述
RegionIdFalseString消息服务 MNS Queue 所属地域
InstanceIdTrueString消息队列RabbitMQ版的实例的ID。更多信息,请参见使用限制
VirtualHostNameTrueString消息队列RabbitMQ版实例的Vhost的名称。更多信息,请参见使用限制
QueueNameTrueString消息队列RabbitMQ版实例的Queue的名称。更多信息,请参见使用限制
在 GitHub 上编辑本页面 更新时间: Wed, Aug 10, 2022