aws-cdk: [aws-events] Rule.addTarget(new LambdaFunction(Function.fromFunctionArn(...))) does not add trigger to Lambda

No trigger on AWS Lambda for Rule Target in different CF Stack

  1. Rule.addTarget(new LambdaFunction(Function.fromFunctionArn(...))) does not add trigger to Lambda, where the Lambda is on another existing CF stack. The Rule has correct Lambda name in place and when I do edit+save on the Rule on AWS Console without changing anything, the trigger gets added to Lambda.

  2. We would like this Rule to be updated on every release to point a new Lambda (arn), so that in any time the Rule has only single target, but also the previous Lambda doesn’t have the trigger in place anymore.

Reproduction Steps

  import { Function as LFunction } from "@aws-cdk/aws-lambda";

  public eventSubscription = new Rule(
    this,
    "MyEvent for my Lambda",
    {
      eventBus: EventBus.fromEventBusArn(
        this,
        "My EventBus",
        this.stack.getEnvrionmentVariable("eventBusArn")
      ),
      eventPattern: {
        detailType: [
          "myEvent",
        ],
      },
    }
  ).addTarget(
    new LambdaFunction(
      LFunction.fromFunctionArn(
        this,
        "myLambda",
        this.config.myLambdaArn
      )
    )
  );

What did you expect to happen?

Expected the Lambda to have the trigger in place and thus get the events from EventBridge as input events.

What actually happened?

Lambda didn’t get any input trigger and didn’t get any events either.

Environment

  • CLI Version : CDK 1.61.1 (?)
  • Framework Version: CDK 1.61.1
  • Node.js Version: NodeJS 12 (?)
  • OS : aws/codebuild/standard:3.0… TBD
  • Language (Version): Typescript (?)

Other

The Rule has correct Lambda name in place and when I do edit+save on the Rule on AWS Console without changing anything, the trigger gets added to Lambda.

This is 🐛 Bug Report

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Reactions: 6
  • Comments: 16 (4 by maintainers)

Most upvoted comments

I added permission for the Lambda for events.amazonaws.com principal in the same stack where the Lambda is created. Then the Rule specified in another started working. However, Lambda AWS Console does not show any triggers as source, but the resource policy (permissions tab) still shows the permission. So, it works, but AWS Console is a bit inconsistent.

In general, I tend to like the fact that a stack can’t modify resources in another stack. Not sure if this is by design or whether CF would need to have some additional permissions to be able to do cross stack changes while deploying the stack.

+2
dforsber on Sep 28, 2020

one workaround is like below use CfnPermission() instead of addpermission() :

        eventBus = _events.EventBus(self, "r1", event_bus_name="eb-bus")
        _ = _lambda.Function.from_function_arn(self, "lambda",function_arn=core.Fn.import_value("lambda-arn"))

        eventBusRule = _events.Rule(self, "r2", 
            enabled=True,
            event_bus=eventBus,
            event_pattern=_events.EventPattern(
                source="com.mycompany.event",
                detail_type="test-events"
            ),
            rule_name="eventbus-rule",
            targets=[
                _events_targets.LambdaFunction( _, event=_events.RuleTargetInput.from_event_path("$.detail"))
            ]
        )
        
        _lambda.CfnPermission(self, "lambdapermissionsforeventbus",
                              principal="events.amazonaws.com",
                              action="lambda:InvokeFunction",
                              source_arn=eventBusRule.rule_arn,
                              function_name=_.function_arn
        )
+1
yogeshdass on Feb 23, 2021

Quick update: The problem does not occur if the Lambda function is created in the same stack.

Adding the Lambda function as a target to the Rule will automatically create the Resource Policy and everything works as expected.

+1
marcioemiranda on Sep 26, 2020

Hello,

I believe I am facing the same problem using CloudWatchEvents to trigger an existent function.

The problem is that the Lambda Resource Policy is not created.

If I run: aws lambda get-policy --function-name MyFunction --region us-east-1

I get :

A client error (ResourceNotFoundException) occurred when calling the GetPolicy operation: The resource you requested does not exist.

So, if I run the following command to add a Lambda ResourcePolicy:

aws lambda add-permission \
--function-name MyFunction \
--statement-id MyId \
--action 'lambda:InvokeFunction' \
--principal events.amazonaws.com \
--source-arn arn:aws:events:us-east-1:123456789012:rule/MyRule

Then the trigger works as expected.

I have also tried to add the ResourcePolicy explicitly in the CDK app but it didn’t work (should this be in a separate bug ticket?).

const lambdaFunction = Function.fromFunctionArn(this, "triggerFunction", "arn:aws:lambda:us-east-1:xxxxxxx:function:dummy");

        const onCommitRule = repo.onCommit('OnCommit', {
            ruleName: "myRule",
            target: new targets.LambdaFunction(lambdaFunction)
          });

The CDK code above won’t create a ResourcePolicy in the lambda function.

lambdaFunction.addPermission("cloudWatchEvents", {
            principal: new ServicePrincipal('events.amazonaws.com'),
            sourceArn: onCommitRule.ruleArn
        });

The code above will not create a ResourcePolicy in the Lambda function as well.

Please advise if I should create a different ticket for adding a permission to an existent function.

PS: I have not tried setting a target to a Lambda function created in the same stack.

+1
marcioemiranda on Sep 26, 2020
Read more comments on GitHub
← aws-cdk: (aws-elasticache): Update is failing in stacks containing CfnUserGroup after changing Tags
aws-cdk: (aws-kinesis): fails to deploy on-demand stream →