notes/computery_stuff/cloudwatch_event_rule_lambda_ansible.md


---
author: Akbar Rahman
date: \today
title: Eventbridge Rule (Cloudwatch Rule) Does Not Invoke Lambda When Configured Through Ansible
tags:
  - ansible
  - aws
  - aws_eventbridge
  - aws_lambda
  - cloudwatch
  - eventbridge
  - lambda
  - permissions
uuid: df3ca083-b6ae-4e35-bb1c-8b3978117c57
---

# Eventbridge Rule (formerly Cloudwatch Rule) Does Not Invoke Lambda When Configured Through Ansible

## Problem

After creating an EventBridge rule with the Ansible module `amazon.aws.cloudwatchevent_rule` to run a Lambda function on a schedule, the rule never invokes the function, even though both tasks report success:

```yaml
- name: "Create lambda function"
  register: create_lambda
  amazon.aws.lambda:
    region: "{{ aws_ec2_region }}"
    description: "My Lambda function"
    name: "{{ lambda_name }}"
    role: "{{ iam_role.iam_role.arn }}"
    state: "present"
    timeout: 120
    vpc_security_group_ids: "{{ sec_group.group_id }}"
    vpc_subnet_ids: "{{ subnet_ids }}"
    image_uri: "{{ ecr.repository.repositoryUri }}:latest"

- name: "Schedule my Lambda function"
  register: lambda_schedule_rule
  amazon.aws.cloudwatchevent_rule:
    name: "a_unique_rule_name"
    region: "{{ aws_ec2_region }}"
    schedule_expression: "rate(1 minute)"
    state: "present"
    targets:
      # The module creates the rule and attaches the target, nothing more:
      # it does not grant the rule permission to invoke the function.
      - arn: "{{ create_lambda.configuration.function_arn }}"
        id: "a_unique_id"
        input: "{{ eventbridge_rule_lambda_event_input }}"
```

A seemingly identical rule created through the AWS console works fine.

## Cause

The EventBridge rule is not allowed to invoke the Lambda function: the function's resource-based policy contains no statement granting `lambda:InvokeFunction` to the `events.amazonaws.com` service principal for this rule. The console adds that permission automatically when you attach a Lambda target to a rule; `amazon.aws.cloudwatchevent_rule` only creates the rule and the target, so the invocation is silently denied.

## Solution

Use the `amazon.aws.lambda_policy` module to allow the EventBridge rule to invoke the Lambda function. Note that if you pass the function name to `function_name` (as opposed to the ARN of the Lambda function), you must also specify `version`, otherwise the Lambda function still won't be run. Keep `source_arn` set to the rule's ARN: without it, any EventBridge rule in any AWS account that knows the function ARN may invoke the function. You can confirm the statement landed on the function with `aws lambda get-policy --function-name "$lambda_name"` (add `--qualifier` to inspect a specific version).

```yaml
- name: "Allow Eventbridge (Cloudwatch) Rules to invoke lambda"
  amazon.aws.lambda_policy:
    action: "lambda:InvokeFunction"
    function_name: "{{ lambda_name }}"
    state: "present"
    statement_id: "a_unique_statement_id"
    region: "{{ aws_ec2_region }}"
    principal: "events.amazonaws.com"
    # Restrict the grant to this one rule (confused-deputy protection).
    source_arn: "{{ lambda_schedule_rule.rule.arn }}"
    version: "{{ create_lambda.configuration.version }}"
```
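The following Python is an added example, not part of the original note or of the Ansible modules it uses. It parses the output of `aws lambda get-policy` (whose `Policy` field is a JSON document encoded as a string) and answers the two questions behind the Cause and Solution sections: is a given rule ARN permitted to invoke the function, and are there invoke grants with no `AWS:SourceArn` condition that should be tightened. The policy documents, ARNs and account id below are constructed for the example.

```python
"""Check a Lambda resource-based policy for an EventBridge invoke grant.

Input is the raw text printed by `aws lambda get-policy --function-name NAME`.
Note that when a function has no policy at all, the CLI fails with
ResourceNotFoundException instead of printing an empty document.
"""
import fnmatch
import json

INVOKE_ACTION = "lambda:InvokeFunction"
EVENTS_PRINCIPAL = "events.amazonaws.com"
SOURCE_ARN_KEY = "AWS:SourceArn"


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_services(stmt):
    """Service principals named by a statement; '*' means everyone."""
    principal = stmt.get("Principal")
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        return _as_list(principal.get("Service"))
    return []


def _source_arn_patterns(stmt):
    """All AWS:SourceArn values under the condition operators AWS uses for ARNs."""
    patterns = []
    for operator, values in stmt.get("Condition", {}).items():
        if operator in ("ArnLike", "ArnEquals", "StringLike", "StringEquals"):
            patterns += _as_list(values.get(SOURCE_ARN_KEY))
    return patterns


def invoke_statements(get_policy_output):
    """Allow statements that let EventBridge (or everyone) call lambda:InvokeFunction."""
    policy = json.loads(json.loads(get_policy_output)["Policy"])
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        services = _principal_services(stmt)
        if EVENTS_PRINCIPAL not in services and "*" not in services:
            continue
        actions = _as_list(stmt.get("Action"))
        if not any(fnmatch.fnmatchcase(INVOKE_ACTION, a) for a in actions):
            continue
        yield stmt


def eventbridge_rule_can_invoke(get_policy_output, rule_arn):
    """True if some grant covers rule_arn (a grant with no SourceArn covers every rule)."""
    for stmt in invoke_statements(get_policy_output):
        patterns = _source_arn_patterns(stmt)
        if not patterns or any(fnmatch.fnmatchcase(rule_arn, p) for p in patterns):
            return True
    return False


def unscoped_invoke_grants(get_policy_output):
    """Sids of invoke grants lacking AWS:SourceArn: any rule, in any account, may invoke."""
    return [s.get("Sid", "<no Sid>") for s in invoke_statements(get_policy_output)
            if not _source_arn_patterns(s)]


def _get_policy_json(statements):
    """Build the nested JSON-in-JSON shape that `aws lambda get-policy` prints (constructed)."""
    document = {"Version": "2012-10-17", "Id": "default", "Statement": statements}
    return json.dumps({"Policy": json.dumps(document), "RevisionId": "00000000-0000-0000-0000-000000000000"})


# Constructed sample data: made-up account id, region and names.
FUNCTION_ARN = "arn:aws:lambda:eu-west-1:123456789012:function:my_function"
RULE_ARN = "arn:aws:events:eu-west-1:123456789012:rule/a_unique_rule_name"

# What the lambda_policy task above produces: scoped to one rule.
SCOPED_POLICY = _get_policy_json([{
    "Sid": "a_unique_statement_id", "Effect": "Allow",
    "Principal": {"Service": EVENTS_PRINCIPAL}, "Action": INVOKE_ACTION,
    "Resource": FUNCTION_ARN,
    "Condition": {"ArnLike": {SOURCE_ARN_KEY: RULE_ARN}},
}])

# Same grant with source_arn omitted: works, but is open to every rule.
OPEN_POLICY = _get_policy_json([{
    "Sid": "open_to_all_rules", "Effect": "Allow",
    "Principal": {"Service": EVENTS_PRINCIPAL}, "Action": INVOKE_ACTION,
    "Resource": FUNCTION_ARN,
}])

# A policy that grants nothing to EventBridge: the situation in the Problem section.
NO_GRANT_POLICY = _get_policy_json([{
    "Sid": "only_s3", "Effect": "Allow",
    "Principal": {"Service": "s3.amazonaws.com"}, "Action": INVOKE_ACTION,
    "Resource": FUNCTION_ARN,
}])

if __name__ == "__main__":
    for label, policy in (("scoped", SCOPED_POLICY), ("open", OPEN_POLICY), ("no grant", NO_GRANT_POLICY)):
        print(label, eventbridge_rule_can_invoke(policy, RULE_ARN), unscoped_invoke_grants(policy))
```

Pipe real output in with `aws lambda get-policy --function-name NAME | python3 -c '...'` and pass the rule ARN reported by the `cloudwatchevent_rule` task (`lambda_schedule_rule.rule.arn`); an empty result from `eventbridge_rule_can_invoke` reproduces the Cause section, and a non-empty `unscoped_invoke_grants` list points at statements that should get a `source_arn`.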

Solution found thanks to @david-kretch's answer to the same question on Stack Overflow: https://stackoverflow.com/questions/45282939/cloudwatch-event-rule-creation-via-ansible-succeeds-but-not-invoked.