[aws-events] Rule.addTarget(new LambdaFunction(Function.fromFunctionArn(...))) does not add trigger to Lambda #10509
Comments
Hello, I believe I am facing the same problem using CloudWatchEvents to trigger an existent function. The problem is that the Lambda Resource Policy is not created. If I run: I get :
So, if I run the following command to add a Lambda ResourcePolicy:
Then the trigger works as expected. I have also tried to add the ResourcePolicy explicitly in the CDK app but it didn't work (should this be in a separate bug ticket?).
The CDK code above won't create a ResourcePolicy in the lambda function.
The code above will not create a ResourcePolicy in the Lambda function as well. Please advise if I should create a different ticket for adding a permission to an existent function. PS: I have not tried setting a target to a Lambda function created in the same stack. |
Quick update: The problem does not occur if the Lambda function is created in the same stack. Adding the Lambda function as a target to the Rule will automatically create the Resource Policy and everything works as expected. |
I added permission for the Lambda for events.amazonaws.com principal in the same stack where the Lambda is created. Then the Rule specified in another started working. However, Lambda AWS Console does not show any triggers as source, but the resource policy (permissions tab) still shows the permission. So, it works, but AWS Console is a bit inconsistent. In general, I tend to like the fact that a stack can't modify resources in another stack. Not sure if this is by design or whether CF would need to have some additional permissions to be able to do cross stack changes while deploying the stack. |
I'll try what you are suggesting @dforsber, because for me eventbridge is creating the rule, attaching the trigger but it's never being invoked, which is weird. I'll try this solution. |
The base-function construct implements the following:

```ts
/**
 * Whether the addPermission() call adds any permissions
 *
 * True for new Lambdas, false for version $LATEST and imported Lambdas
 * from different accounts.
 */
protected abstract readonly canCreatePermissions: boolean;
```
And However, there is a solution to overcome that. You just need to do it the other way. Instead of calling the See example below:

```ts
#!/usr/bin/env node
import 'source-map-support/register';
import { App, Construct, Stack, StackProps } from '@aws-cdk/core';
import { IRepository, Repository } from '@aws-cdk/aws-codecommit';
import { LambdaFunction } from '@aws-cdk/aws-events-targets';
import { Code, Function, IFunction, Runtime } from '@aws-cdk/aws-lambda';

const app = new App();

interface LambdaStackProps extends StackProps {
  repositoryName: string;
}

class LambdaStack extends Stack {
  fn: IFunction;

  constructor(scope: Construct, id: string, props: LambdaStackProps) {
    super(scope, id, props);

    // The function is created in this stack.
    this.fn = new Function(this, 'lambda', {
      runtime: Runtime.NODEJS_12_X,
      code: Code.fromAsset('lambdas/oncommit'),
      handler: 'index.handler',
    });

    // The repository is the imported resource; the rule is defined here,
    // next to the function it targets.
    let repository = Repository.fromRepositoryName(this, 'repo', props.repositoryName);
    repository.onCommit('on-commit', {
      target: new LambdaFunction(this.fn),
    });
  }
}

class CodeCommitStack extends Stack {
  repository: IRepository;

  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    this.repository = new Repository(this, 'my-test-repository', {
      repositoryName: 'my-test-repository',
    });
  }
}

let codecommit = new CodeCommitStack(app, 'codecommit-stack');
let lambdaStack = new LambdaStack(app, 'lambda-stack', {
  repositoryName: codecommit.repository.repositoryName,
});
```

Hope it helps! |
One workaround is like below: use CfnPermission() instead of addPermission():
|
Hi all, |
Just ran into this, the CfnPermission workaround that @yogeshdass suggested works for now. |
Having the same issue, need to manually add the trigger event. |
If you want it in TypeScript

```ts
new CfnPermission(this, "lambda-permission-event-bus", {
  action: "lambda:InvokeFunction",
  sourceArn: mediaProcessUpdateRule.ruleArn,
  principal: "events.amazonaws.com",
  functionName: mediaProcessFn.functionArn,
});
```

This worked after deleting and deploying stack again. But AWS team you gotta fix this :( |
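The missing permission discussed in this thread can be checked directly against the function's resource policy. The following is an added example, not code from the CDK project or from any commenter: given the policy document string returned by `aws lambda get-policy`, it reports whether `events.amazonaws.com` may invoke the function for a given rule ARN and whether that grant is tied to the rule through `aws:SourceArn`. The ARNs, the account ID and the `samplePolicy` helper are constructed for illustration.

```typescript
// Added example; the policy documents built below are constructed, not real output.
type Verdict = "missing" | "scoped" | "no-source-arn";

const asList = (v: unknown): string[] =>
  v == null ? [] : (Array.isArray(v) ? (v as unknown[]) : [v]).map(String);

// IAM ARN conditions and action names accept * and ? wildcards.
function globMatch(pattern: string, value: string): boolean {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(value);
}

// policyJson: the Policy string from `aws lambda get-policy`, or null if none exists.
function eventsInvokeStatus(policyJson: string | null, ruleArn: string): Verdict {
  if (!policyJson) return "missing";
  const raw = JSON.parse(policyJson).Statement;
  const statements: any[] = Array.isArray(raw) ? raw : raw ? [raw] : [];
  let verdict: Verdict = "missing";
  for (const s of statements) {
    const services = asList(s.Principal?.Service);
    const actions = asList(s.Action).map((a) => a.toLowerCase());
    if (s.Effect !== "Allow" || services.indexOf("events.amazonaws.com") < 0) continue;
    if (!actions.some((a) => globMatch(a, "lambda:invokefunction"))) continue;
    // Collect aws:SourceArn values under the positive Arn*/String* operators.
    const arns: string[] = [];
    const cond = s.Condition ?? {};
    for (const op of Object.keys(cond)) {
      if (!/^(Arn|String)(Like|Equals)$/.test(op)) continue;
      for (const key of Object.keys(cond[op])) {
        if (key.toLowerCase() === "aws:sourcearn") arns.push(...asList(cond[op][key]));
      }
    }
    if (arns.length === 0) return "no-source-arn"; // grant is not tied to one rule
    if (arns.some((p) => globMatch(p, ruleArn))) verdict = "scoped";
  }
  return verdict;
}

// Constructed sample shaped like the statement a CfnPermission with sourceArn yields.
function samplePolicy(sourceArn?: string): string {
  const stmt: any = { Effect: "Allow", Action: "lambda:InvokeFunction",
    Principal: { Service: "events.amazonaws.com" } };
  if (sourceArn) stmt.Condition = { ArnLike: { "AWS:SourceArn": sourceArn } };
  return JSON.stringify({ Version: "2012-10-17", Statement: [stmt] });
}
```

A result of `missing` matches the symptom reported here (rule exists, function is never invoked); `no-source-arn` means the grant works but is broader than the `sourceArn`-scoped permission shown above.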
This should work as long as you have either specified the account in the Stack environment or use

Does not work

```ts
new Stack(app, 'MyStack');
lambda.Function.fromFunctionArn()
```

Works

```ts
new Stack(app, 'MyStack', { env: { account: '11111111111', region: 'us-east-1' } });
lambda.Function.fromFunctionArn()
```

Or

```ts
new Stack(app, 'MyStack');
lambda.Function.fromFunctionAttributes({
  functionArn: '...',
  sameEnvironment: true,
});
```

|
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
Give me few days I will try and update |
hi @corymhall I can confirm I am passing account and region but still when it is separate stack then trigger does not get created. |
@chotalia Did you try the Longer explanation: the framework only adds a Lambda permission (necessary for the link between rule and function to work from both sides) if they are in the same environment, which is set manually, or if they are in the same account. If you don't set |
|
No trigger on AWS Lambda for Rule Target in different CF Stack
Rule.addTarget(new LambdaFunction(Function.fromFunctionArn(...))) does not add trigger to Lambda, where the Lambda is on another existing CF stack. The Rule has correct Lambda name in place and when I do edit+save on the Rule on AWS Console without changing anything, the trigger gets added to Lambda. We would like this Rule to be updated on every release to point to a new Lambda (arn), so that at any time the Rule has only a single target, but also the previous Lambda doesn't have the trigger in place anymore.
Reproduction Steps
What did you expect to happen?
Expected the Lambda to have the trigger in place and thus get the events from EventBridge as input events.
What actually happened?
Lambda didn't get any input trigger and didn't get any events either.
Environment
Other
The Rule has correct Lambda name in place and when I do edit+save on the Rule on AWS Console without changing anything, the trigger gets added to Lambda.
This is 🐛 Bug Report