Example setup without IAM user
This is a write-up of how to use the example for the technique described under "Using Lambda without IAM roles".
Prerequisites
- Make sure your local AWS configuration is able to deploy to AWS.
Setup
1. Clone or download the project
The project can be found at the reference project.
2. Install dependencies
- npm: npm i
- yarn: yarn install
- pnpm: pnpm i
3. Create the CDK Stack
This command will deploy the Lambda function and any other resources in the stack.
npx aws-cdk deploy \
--outputs-file ./cdk-outputs.json
The Remotion packages are also bundled into the stack; this ensures that renderMediaOnLambda() can be executed by the Lambda function.
package.json
{
  "dependencies": {
    ...
    "remotion": "^3.3.33",
    "@remotion/lambda": "^3.3.33"
  }
}
The full dependencies are included in the reference project.
4. After deployment
npx aws-cdk deploy \
--outputs-file ./cdk-outputs.json
Deployment progress
Bundling asset cdk-stack/render-function/Code/Stage...
cdk.out/bundling-temp-5e88d0b45626d59e8e8ddce3b05a886b0e1b381df6e5bbbea1dc2727080641a8/index.js 6.3mb ⚠️
⚡ Done in 295ms
✨ Synthesis time: 4.29s
cdk-stack: building assets...
[0%] start: Building 87d5e793cbd198c73c05023515153b142eb2f559e7150579cd2db53362c19b6e:XXXXXXXXXX-us-east-1
[0%] start: Building 779e5babb0ddf0d17c0faebbe5596b03bcf13785f0b20c4cd0fe0c5e616d5593:XXXXXXXXXX-us-east-1
[50%] success: Built 87d5e793cbd198c73c05023515153b142eb2f559e7150579cd2db53362c19b6e:XXXXXXXXXX-us-east-1
[100%] success: Built 779e5babb0ddf0d17c0faebbe5596b03bcf13785f0b20c4cd0fe0c5e616d5593:XXXXXXXXXX-us-east-1
cdk-stack: assets built
cdk-stack: deploying... [1/1]
[0%] start: Publishing 87d5e793cbd198c73c05023515153b142eb2f559e7150579cd2db53362c19b6e:XXXXXXXXXX-us-east-1
[0%] start: Publishing 779e5babb0ddf0d17c0faebbe5596b03bcf13785f0b20c4cd0fe0c5e616d5593:XXXXXXXXXX-us-east-1
[50%] success: Published 779e5babb0ddf0d17c0faebbe5596b03bcf13785f0b20c4cd0fe0c5e616d5593:XXXXXXXXXX-us-east-1
[100%] success: Published 87d5e793cbd198c73c05023515153b142eb2f559e7150579cd2db53362c19b6e:XXXXXXXXXX-us-east-1
✅ cdk-stack (no changes)
✨ Deployment time: 1.39s
Output
Outputs:
cdk-stack.apiUrl = https://du7jfr.execute-api.us-east-1.amazonaws.com/
cdk-stack.region = us-east-1
cdk-stack.userPoolClientId = 4l5tsda2iu8lqugl73m8hgeb83
cdk-stack.userPoolId = us-east-1_bVwFsBUGO
Stack ARN:
arn:aws:cloudformation:us-east-1:XXXXXXXXXX:stack/cdk-stack/faf43800-9878-11ed-a070-0aacc64c8662
The output contains the API Gateway base URL, the region, and the Cognito client ID and user pool ID, which are used for authentication.
5. Cleanup
The following command deletes the function if it is no longer needed.
npx aws-cdk destroy
Lambda role
The CDK creates an IAM role named remotionLambdaServerlessRole, which needs the Remotion policy setup.
Test your endpoint
The API is secured by Cognito, which requires an authorization token.
To test it when you do not yet have a frontend, follow the steps below.
1. Create a Cognito User
aws cognito-idp sign-up \
--client-id YOUR_USER_POOL_CLIENT_ID \
--username "sample@test.com" \
--password "compLicat3d123"
2. Confirm the user so they can sign in
aws cognito-idp admin-confirm-sign-up \
--user-pool-id YOUR_USER_POOL_ID \
--username "sample@test.com"
3. Log the user in to retrieve an identity JWT token
aws cognito-idp initiate-auth \
--auth-flow USER_PASSWORD_AUTH \
--auth-parameters \
USERNAME="sample@test.com",PASSWORD="compLicat3d123" \
--client-id YOUR_USER_POOL_CLIENT_ID
YOUR_USER_POOL_CLIENT_ID and YOUR_USER_POOL_ID are part of the CDK output.
Output
{
  "ChallengeParameters": {},
  "AuthenticationResult": {
    "AccessToken": "eyJraWQiOiJGcUJ....",
    "ExpiresIn": 3600,
    "TokenType": "Bearer",
    "RefreshToken": "eyJjdHkiOiJKV1QiLCJlbm...",
    "IdToken": "eyJraWQiOiJCcjY3Rk5WdzRpYVVYVlpNdF..."
  }
}
The response is verbose, but only the IdToken is used.
4. Use the token to invoke a request to the endpoint using curl.
Request
curl --location --request POST 'https://du7jfr6.execute-api.us-east-1.amazonaws.com/render' \
--header 'Authorization: Bearer eyJraWQiOiJGcUJFV1B1cHhxM0NXRko0RVN2..........'
Response
{"message":"SUCCESS","bucketName":"remotionlambda-apsoutheast2-5essis84y1","renderId":"1pwhfhh11z"}
That's it! You now have an API that you can use to invoke the rendering of a video.
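Note that the Lambda function should not be exposed to unauthenticated users. The function uses version 2 of the CDK, which is still under active development.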
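As an added example (not part of the reference project), the following Node.js check decodes a token returned in step 3 and confirms that the one placed in the Authorization header is an unexpired IdToken for this stack's user pool and client. It assumes the region, userPoolId and userPoolClientId values from the CDK output; the function names and sample tokens are constructed for illustration, and the claims are decoded without verifying the signature, which is left to the API's Cognito authorization.

```javascript
// Added example: pre-flight check of Cognito tokens before calling the API.
// Claims are decoded only; the signature is NOT verified here.

// Decode the payload (second segment) of a JWT.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a three-part JWT");
  // Node's "base64" decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
}

// Returns a list of problems; an empty list means the token looks like an
// unexpired ID token issued by this stack's user pool for this app client.
function checkIdToken(jwt, outputs, nowSeconds = Math.floor(Date.now() / 1000)) {
  let c;
  try { c = decodeClaims(jwt); } catch (e) { return [e.message]; }
  const issuer =
    `https://cognito-idp.${outputs.region}.amazonaws.com/${outputs.userPoolId}`;
  const problems = [];
  // Cognito sets token_use to "id" on ID tokens and "access" on access tokens.
  if (c.token_use !== "id") problems.push(`token_use is "${c.token_use}", expected "id"`);
  if (c.iss !== issuer) problems.push("issuer does not match the user pool");
  // ID tokens carry the app client ID in "aud"; access tokens use "client_id".
  if (c.aud !== outputs.userPoolClientId) problems.push("audience does not match the client ID");
  if (typeof c.exp !== "number" || c.exp <= nowSeconds) problems.push("token is expired");
  return problems;
}

// Constructed sample data (placeholder IDs, dummy signature), so this runs offline.
function makeSampleJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", kid: "sample" })}.${enc(claims)}.c2lnbmF0dXJl`;
}
const sampleOutputs = {
  region: "us-east-1",
  userPoolId: "us-east-1_EXAMPLE",
  userPoolClientId: "exampleclientid",
};
const sampleIssuer = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE";
const sampleIdToken = makeSampleJwt(
  { token_use: "id", iss: sampleIssuer, aud: "exampleclientid", exp: 2000 });
const sampleAccessToken = makeSampleJwt(
  { token_use: "access", iss: sampleIssuer, client_id: "exampleclientid", exp: 2000 });

console.log(checkIdToken(sampleIdToken, sampleOutputs, 1000));     // no problems
console.log(checkIdToken(sampleAccessToken, sampleOutputs, 1000)); // wrong token type
```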
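Next Steps
- Customize the Lambda function so that the rendered video is moved to another directory.
- Try assigning the Remotion role through CDK code.
- Add the request parameters as input parameters to the Lambda function for renderMediaOnLambda().
See also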