---
author: Akbar Rahman
date: \today
title: Eventbridge Rule (Cloudwatch Rule) Does Not Invoke Lambda When Configured Through Ansible
tags:
  - ansible
  - aws
  - aws_eventbridge
  - aws_lambda
  - cloudwatch
  - eventbridge
  - lambda
  - permissions
uuid: df3ca083-b6ae-4e35-bb1c-8b3978117c57
---

# Eventbridge Rule (formerly Cloudwatch Rule) Does Not Invoke Lambda When Configured Through Ansible

## Problem

After creating an EventBridge rule to run a Lambda function with the Ansible module [`amazon.aws.cloudwatchevent_rule`](https://docs.ansible.com/ansible/latest/collections/amazon/aws/cloudwatchevent_rule_module.html), the rule does not run the Lambda function when it should:

```yaml
- name: "Create lambda function"
  register: create_lambda
  amazon.aws.lambda:
    region: "{{ aws_ec2_region }}"
    description: "My Lambda function"
    name: "{{ lambda_name }}"
    role: "{{ iam_role.iam_role.arn }}"
    state: "present"
    timeout: 120
    vpc_security_group_ids: "{{ sec_group.group_id }}"
    vpc_subnet_ids: "{{ subnet_ids }}"
    image_uri: "{{ ecr.repository.repositoryUri }}:latest"

- name: "Schedule my Lambda function"
  register: lambda_schedule_rule
  amazon.aws.cloudwatchevent_rule:
    name: "a_unique_rule_name"
    region: "{{ aws_ec2_region }}"
    schedule_expression: "rate(1 minute)"
    state: "present"
    targets:
      - arn: "{{ create_lambda.configuration.function_arn }}"
        id: "a_unique_id"
        input: "{{ eventbridge_rule_lambda_event_input }}"
```

This happens even though creating a seemingly identical setup through the AWS console works fine.

## Cause

The EventBridge rule is not allowed to invoke this Lambda function, because the Lambda's resource-based policy contains no statement granting it permission. The console adds that permission for you when you attach a Lambda target; the Ansible module above does not.

## Solution

Use the [`amazon.aws.lambda_policy`](https://docs.ansible.com/ansible/latest/collections/amazon/aws/lambda_policy_module.html) module to allow the EventBridge rule to invoke the Lambda function. Note that if you pass the Lambda function's name (rather than its ARN) as `function_name`, you must also specify `version`; otherwise the Lambda function still won't be run!
```yaml
- name: "Allow Eventbridge (Cloudwatch) Rules to invoke lambda"
  amazon.aws.lambda_policy:
    action: "lambda:InvokeFunction"
    function_name: "{{ lambda_name }}"
    state: "present"
    statement_id: "a_unique_statement_id"
    region: "{{ aws_ec2_region }}"
    principal: "events.amazonaws.com"
    source_arn: "{{ lambda_schedule_rule.rule.arn }}"
    version: "{{ create_lambda.configuration.version }}"
```

Solution found thanks to @david-kretch's answer to the same question at .
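To confirm the cause and the fix without guessing, inspect the function's resource-based policy, which is what `aws lambda get-policy --function-name <name>` (or boto3's `get_policy()["Policy"]`) returns as a JSON string. The checker below is an added example, not code from the post or from the `amazon.aws` collection: it reports whether a given rule ARN is granted `lambda:InvokeFunction` for the `events.amazonaws.com` principal, and also flags a grant that has no `AWS:SourceArn` condition, since such a grant lets any EventBridge rule, in any account, invoke the function rather than only the rule you created (this is why the task above passes `source_arn`). The embedded policy document, account id, region and names are constructed sample data shaped like the policy the `lambda_policy` task produces.

```python
"""Check a Lambda resource-based policy for an EventBridge invoke grant.

Added example (not from the original post). Feed it the JSON string from
`aws lambda get-policy` / boto3 get_policy()["Policy"] and the rule ARN.
"""
import json
import re

# Constructed sample: a function policy after the lambda_policy task has run.
# Account id, region and names are placeholders.
RULE_ARN = "arn:aws:events:eu-west-1:111111111111:rule/a_unique_rule_name"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Id": "default",
    "Statement": [{
        "Sid": "a_unique_statement_id",
        "Effect": "Allow",
        "Principal": {"Service": "events.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:eu-west-1:111111111111:function:my-function:1",
        "Condition": {"ArnLike": {"AWS:SourceArn": RULE_ARN}},
    }],
})


def _as_list(value):
    """IAM allows scalars or lists in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _arn_like(pattern, arn):
    """IAM ArnLike/StringLike matching: '*' is any run of characters, '?' one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, arn) is not None


def _source_arn_patterns(condition):
    """Collect every AWS:SourceArn value (key compare is case-insensitive in IAM)."""
    patterns = []
    for operator, keys in condition.items():
        if operator not in ("ArnLike", "ArnEquals", "StringLike", "StringEquals"):
            continue
        for key, value in keys.items():
            if key.lower() == "aws:sourcearn":
                patterns.extend(_as_list(value))
    return patterns


def eventbridge_invoke_status(policy_json, rule_arn):
    """Classify the policy from the point of view of one EventBridge rule.

    Returns one of:
      "unscoped"   - events.amazonaws.com may invoke, but no SourceArn condition
                     limits which rule (any rule in any account could invoke)
      "allowed"    - a grant exists and its SourceArn matches rule_arn
      "other-rule" - a grant exists, but only for a different rule ARN
      "missing"    - no invoke grant for events.amazonaws.com (the post's symptom)
    """
    policy = json.loads(policy_json)
    matched = other = False
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if "events.amazonaws.com" not in services:
            continue
        if "lambda:InvokeFunction" not in _as_list(stmt.get("Action")):
            continue
        patterns = _source_arn_patterns(stmt.get("Condition", {}))
        if not patterns:
            return "unscoped"  # a finding regardless of anything else in the policy
        if any(_arn_like(p, rule_arn) for p in patterns):
            matched = True
        else:
            other = True
    if matched:
        return "allowed"
    return "other-rule" if other else "missing"


if __name__ == "__main__":
    print(eventbridge_invoke_status(SAMPLE_POLICY, RULE_ARN))  # allowed
```

If the result is `missing`, the rule will be created and fire on schedule but the invocation is refused, which is exactly the silent failure described above; `other-rule` is what you see after renaming a rule without updating the policy statement, and `unscoped` is worth fixing by adding `source_arn` even though the function does run.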