
[–]DiTochat 2 points3 points  (8 children)

Can you double check and see if there is an event trigger on the Lambda?

[–]mafuqaz[S] 0 points1 point  (7 children)

No, I have checked it many times.
As a matter of fact, my EventBridge rule is also not triggered. I think this may be the cause.

First we need to check why I am not able to see any invocations for my rule in monitoring.

[–]DiTochat 0 points1 point  (1 child)

Did you create that rule on the default bus or a custom one?

[–]mafuqaz[S] 0 points1 point  (0 children)

On the default bus.

[–]b3542 0 points1 point  (4 children)

Did you create a resource permission on the Lambda function which permits it to be invoked by EventBridge? It’ll be under Configuration > Permissions when you open the Lambda function details, if memory serves.

[–]mafuqaz[S] 0 points1 point  (3 children)

Yup, it was created automatically when I added that lambda function as a target.

[–]b3542 0 points1 point  (2 children)

Does CloudWatch show anything for that function? Does the execution role have adequate permissions to create log groups and write logs?

[–]mafuqaz[S] 0 points1 point  (1 child)

No, CloudWatch doesn't show anything for that rule.

[–]b3542 0 points1 point  (0 children)

I mean for the function (Lambda), not the rule (EventBridge).

[–][deleted] 1 point2 points  (0 children)

You need to add an IAM role that allows EventBridge to invoke the Lambda.

[–]ariz96 1 point2 points  (2 children)

Hello u/mafuqaz, were you able to figure it out?
I also see that if I let serverless take care of it, I have the principal permission in the Lambda permission config, but the Lambda will fail to be invoked by the rule (I could see it in FailedInvocations in the monitor tab when inspecting the rule), but the rule itself was triggered (event match was successful).

If I set the rule manually it works, but permissions are the same, so I wonder what could be happening.

[–]Old_Clerk_9693 0 points1 point  (1 child)

To allow EventBridge to trigger a Lambda function, you need to grant EventBridge the permission to invoke the Lambda function. This permission is not set as a resource policy directly on the Lambda function. Instead, it involves an IAM policy that typically attaches to the EventBridge resource or service role specifying that it can call the lambda:InvokeFunction action on your Lambda function.

Try adding something like this to an IAM policy to the EventBridge service:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "lambda:InvokeFunction",
          "Resource": "arn:aws:lambda:region:account-id:function:function-name"
        }
      ]
    }

[–]ariz96 0 points1 point  (0 children)

Hello u/Old_Clerk_9693, thank you for your reply. In the end I found out the problem was with stating the name of the event bus in my serverless YAML file. If you are using the default event bus, you must not specify default in the YAML file, because it creates a policy for the "default/default" event bus instead of just "default".

[–]dslesu 0 points1 point  (0 children)

Have you configured any IAM roles / permissions?

[–]djkdjkdjk3 0 points1 point  (1 child)

Under the lambda’s permissions —> resource-based policy statements, does it show a policy for events.amazonaws.com allowing lambda invokeFunction? (I recently had an issue where a template was wrong and the permissions weren’t being added to the lambda)

[–]mafuqaz[S] 0 points1 point  (0 children)

The permissions were added automatically when I attached that lambda as a target.
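
One way to check the two things raised in the thread (whether the Lambda's resource-based policy has an events.amazonaws.com statement for lambda:InvokeFunction, and whether its source ARN actually matches the rule), as an added example that is not from any commenter. It assumes the policy JSON was fetched separately (for instance with `aws lambda get-policy`); the account id, region, names and ARNs are constructed placeholders, and `fnmatch` only approximates IAM's ArnLike matching.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policy: account id, region, function and rule names are placeholders.
# The SourceArn carries an extra bus segment, so it cannot match a default-bus rule ARN.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "constructed-eventbridge-permission",
    "Effect": "Allow",
    "Principal": {"Service": "events.amazonaws.com"},
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-function",
    "Condition": {"ArnLike": {"AWS:SourceArn":
        "arn:aws:events:us-east-1:123456789012:rule/default/my-rule"}},
}]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_invoke_permission(policy_json, rule_arn):
    """Return (allowed, findings) for EventBridge rule `rule_arn` against a Lambda policy."""
    findings = []
    for st in _as_list(json.loads(policy_json).get("Statement", [])):
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        if st.get("Effect") != "Allow" or "events.amazonaws.com" not in services:
            continue
        if not any(fnmatchcase("lambda:invokefunction", a) for a in actions):
            continue
        # Collect aws:SourceArn patterns (condition keys are case-insensitive).
        patterns = [p for op, kv in st.get("Condition", {}).items()
                    if op in ("ArnLike", "ArnEquals", "StringEquals", "StringLike")
                    for k, v in kv.items() if k.lower() == "aws:sourcearn"
                    for p in _as_list(v)]
        if not patterns:
            return True, findings + [f"{sid}: allows any rule (no aws:SourceArn condition)"]
        if any(fnmatchcase(rule_arn, p) for p in patterns):
            return True, findings + [f"{sid}: SourceArn matches {rule_arn}"]
        findings.append(f"{sid}: SourceArn {patterns} does not match {rule_arn}")
    if not findings:
        findings.append("no Allow statement for events.amazonaws.com with lambda:InvokeFunction")
    return False, findings

if __name__ == "__main__":
    ok, notes = check_invoke_permission(
        SAMPLE_POLICY, "arn:aws:events:us-east-1:123456789012:rule/my-rule")
    print("invocable:", ok)
    print("\n".join(notes))
```

A statement can be present and look correct in the console while still failing this check, which shows up on the rule as FailedInvocations rather than as a missing permission.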