如何从CloudFormation模板中获取AWS IOT端点URL？

Question

我希望我的一些Lambda资源可以使用aws-sdk的AWS.IotData({ endpoint: url })功能推送到AWS IOT终端节点-终端节点是必需参数。

现在，我正在通过环境变量将终结点URL传递给我的Lambda。但是，当放入SAM / CF模板时，我找不到一种方法来检索我的IOT终结点URL，因此可以轻松!Ref实现。

浏览AWS资源类型参考时，我没有找到与IOT端点相对应的任何资源。

看来只能通过AWS控制台（启用/禁用）手动配置IOT终端节点，如以下屏幕截图所示：

关于如何控制供应IOT端点或至少从SAM / CF模板中读取IOT URL的任何建议，而无需编写脚本aws-cli？

Answer 1

对于对CloudFormation自定义资源的解决方案感兴趣的任何人，我都编写了一个简单的Lambda和CF模板，该模板为其他CF堆栈提供了IOT端点地址。

template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Resources:
  IotEndpointProvider:
    Type: 'AWS::Serverless::Function'
    Properties:
      FunctionName: IotEndpointProvider
      Handler: iotEndpointProvider.handler
      Runtime: nodejs6.10
      CodeUri: .
      MemorySize: 128
      Timeout: 3
      Policies:
        - Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action: 
              - iot:DescribeEndpoint
            Resource:
              - '*'
  IotEndpoint:
    Type: 'Custom::IotEndpoint'
    Properties:
      ServiceToken: !GetAtt IotEndpointProvider.Arn
Outputs:
  IotEndpointAddress:
    Value: !GetAtt IotEndpoint.IotEndpointAddress
    Export:
      Name: IotEndpointAddress

iotEndpointProvider.js

var aws = require("aws-sdk");

exports.handler = function(event, context) {
    console.log("REQUEST RECEIVED:\n" + JSON.stringify(event));

    // For Delete requests, immediately send a SUCCESS response.
    if (event.RequestType == "Delete") {
        sendResponse(event, context, "SUCCESS");
        return;
    }

    const iot = new aws.Iot();
    iot.describeEndpoint({}, (err, data) => {
    let responseData, responseStatus;
        if (err) {
            responseStatus = "FAILED";
            responseData = { Error: "describeEndpoint call failed" };
            console.log(responseData.Error + ":\n", err);
        } else  {
            responseStatus = "SUCCESS";
            responseData = { IotEndpointAddress: data.endpointAddress };
            console.log('response data: ' + JSON.stringify(responseData));
        }

        sendResponse(event, context, responseStatus, responseData);
    });
};

// Send response to the pre-signed S3 URL 
function sendResponse(event, context, responseStatus, responseData) {

    var responseBody = JSON.stringify({
        Status: responseStatus,
        Reason: "See the details in CloudWatch Log Stream: " + context.logStreamName,
        PhysicalResourceId: context.logStreamName,
        StackId: event.StackId,
        RequestId: event.RequestId,
        LogicalResourceId: event.LogicalResourceId,
        Data: responseData
    });

    console.log("RESPONSE BODY:\n", responseBody);

    var https = require("https");
    var url = require("url");

    var parsedUrl = url.parse(event.ResponseURL);
    var options = {
        hostname: parsedUrl.hostname,
        port: 443,
        path: parsedUrl.path,
        method: "PUT",
        headers: {
            "content-type": "",
            "content-length": responseBody.length
        }
    };

    console.log("SENDING RESPONSE...\n");

    var request = https.request(options, function(response) {
        console.log("STATUS: " + response.statusCode);
        console.log("HEADERS: " + JSON.stringify(response.headers));
        // Tell AWS Lambda that the function execution is done  
        context.done();
    });

    request.on("error", function(error) {
        console.log("sendResponse Error:" + error);
        // Tell AWS Lambda that the function execution is done  
        context.done();
    });

    // write data to request body
    request.write(responseBody);
    request.end();
}

Answer 2

恐怕您无法配置 IoT 端点，因为与 IoT 端点相关的唯一 API 调用是DescribeEndpoint.

您可以做的是创建 Lambda 支持的 CloudFormation 自定义资源。Lambda 函数将执行DescribeEndpoint调用（根据 Lambda 的运行时使用您选择的 AWS 开发工具包）并返回终端节点的 URL，以便您的其他 CloudFormation 资源可以使用它。

以下是 Lambda 支持的自定义资源的一个很好的示例：http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources-lambda.html。