Allow serverless lambda to be called by cloud watch2019 Community Moderator ElectionAWS Cloudwatch Event putTargets not adding Lambda event sourcesHow do I pass json inputs to a Cron scheduled Lambda deployed in Serverless using event?AWS SDK can't add Lambda as target to Cloudwatch eventNeed to configure serverless resource output to get api gateway api idServerless Framework: ways to achieve full “infrastructure as code”?Destroy resources created via Serverless without destroying Lambda endpointsserverless framework: trying to define a role for a lambda gives an undefined resource errorAWS Lambda Policy Length Exceeded - adding rules to a lambda functionWhat is causing Serverless deploy error: Unable to validate the following destination configurations, S3 InvalidArgument?Cognito permission to lambda function using serverless framework
Can one live in the U.S. and not use a credit card?
Coax or bifilar choke
PTIJ: Should I kill my computer after installing software?
Why doesn't this Google Translate ad use the word "Translation" instead of "Translate"?
What would be the most expensive material to an intergalactic society?
What is Earthy controling in the ISS cupola?
When a wind turbine does not produce enough electricity how does the power company compensate for the loss?
Signed and unsigned numbers
How strictly should I take "Candidates must be local"?
bad quality map when exporting as PDF
When traveling to Europe from North America, do I need to purchase a different power strip?
Should I tell my boss the work he did was worthless
Single word request: Harming the benefactor
Has a sovereign Communist government ever run, and conceded loss, on a fair election?
meaning and function of 幸 in "则幸分我一杯羹"
If I receive a SOS signal, what is the proper response?
Marriage green card at end of current visa with 2 Year residency requirement waiver in-process, question
Is "history" a male-biased word ("his+story")?
Latex does not go to next line
Database Backup for data and log files
Can I pump my MTB tire to max (55 psi / 380 kPa) without the tube inside bursting?
Are there historical instances of the capital of a colonising country being temporarily or permanently shifted to one of its colonies?
Conservation of Mass and Energy
Expressing logarithmic equations without logs
Allow serverless lambda to be called by cloud watch
2019 Community Moderator ElectionAWS Cloudwatch Event putTargets not adding Lambda event sourcesHow do I pass json inputs to a Cron scheduled Lambda deployed in Serverless using event?AWS SDK can't add Lambda as target to Cloudwatch eventNeed to configure serverless resource output to get api gateway api idServerless Framework: ways to achieve full “infrastructure as code”?Destroy resources created via Serverless without destroying Lambda endpointsserverless framework: trying to define a role for a lambda gives an undefined resource errorAWS Lambda Policy Length Exceeded - adding rules to a lambda functionWhat is causing Serverless deploy error: Unable to validate the following destination configurations, S3 InvalidArgument?Cognito permission to lambda function using serverless framework
I have one lambda function within my serverless.yml. It looks somehow like this:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
It works pretty well and out of the box lambda gets called every 2 hours. When I add new rule in AWS Console and sets the newly created lambda as a target it also works. Both AWS Console and Serverless framework creates on the background policy that events.amazonaws.com service can invoke this specific function. The policy looks somehow like this:
"Sid":"AWSEvents_rule_name_test",
"Effect":"Allow",
"Principal":
"Service":"events.amazonaws.com"
,
"Action":"lambda:InvokeFunction",
"Resource":"arn:aws:lambda:eu-central-1:<account_id>:function:<lambda_name>",
"Condition":
"ArnLike":
"AWS:SourceArn":"arn:aws:events:eu-central-1:<account_id>:rule/<rule_name>"
I would like to define rules programatically and without the need to maintain those permissions. What I do is I create rule, then I create target similarly as described in docs https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html. Without the permission step it doesnt work. I would like to have generic permission on the serverless.yml level that enables the lambda to be called by any existing or not yet existing rules (so I care only about rules and targets). I mean something that would say:
"Grant cloud watch permission to invoke any lambda function with any rule defined on my account". That would increase usability of my function alot more.
Is it possible to define same policy that gets usually generated by AWS Console (code above) but little more generic and within serverless.yml file?
Update:
I end up trying example bellow. It was supposed to create "generic" rule:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
resources:
Resources:
cleanLambdaPermission:
DependsOn:
# This is how serverless converts function name. Has to be update accordingly when lambda gets renamed.
- cleanLambdaFunction
Type: AWS::Lambda::Permission
Properties:
FunctionName:
"Fn::GetAtt": [ cleanLambdaFunction, Arn ]
Action: "lambda:InvokeFunction"
Principal: "events.amazonaws.com"
SourceArn: "arn:aws:events:eu-central-1:<account_id>:rule"
Though it showed up it didnt work and my lambda never got called by programatically created rules until I added explicit SourceArn that maps exactly one rule to one single specific function. I am doing it also programatically in three steps:
1. Create rule.
2. Create target.
3. Create permission.
For delete I need proceed in reverse order. I didnt find if this (not allowing wildcards) is bug or intentional behaviour.
aws-lambda serverless-framework aws-serverless
asked Mar 6 at 15:15
svobol13svobol13
8451424
add a comment |
I have one lambda function within my serverless.yml. It looks somehow like this:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
It works pretty well and out of the box lambda gets called every 2 hours. When I add new rule in AWS Console and sets the newly created lambda as a target it also works. Both AWS Console and Serverless framework creates on the background policy that events.amazonaws.com service can invoke this specific function. The policy looks somehow like this:
"Sid":"AWSEvents_rule_name_test",
"Effect":"Allow",
"Principal":
"Service":"events.amazonaws.com"
,
"Action":"lambda:InvokeFunction",
"Resource":"arn:aws:lambda:eu-central-1:<account_id>:function:<lambda_name>",
"Condition":
"ArnLike":
"AWS:SourceArn":"arn:aws:events:eu-central-1:<account_id>:rule/<rule_name>"
I would like to define rules programatically and without the need to maintain those permissions. What I do is I create rule, then I create target similarly as described in docs https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html. Without the permission step it doesnt work. I would like to have generic permission on the serverless.yml level that enables the lambda to be called by any existing or not yet existing rules (so I care only about rules and targets). I mean something that would say:
"Grant cloud watch permission to invoke any lambda function with any rule defined on my account". That would increase usability of my function alot more.
Is it possible to define same policy that gets usually generated by AWS Console (code above) but little more generic and within serverless.yml file?
Update:
I end up trying example bellow. It was supposed to create "generic" rule:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
resources:
Resources:
cleanLambdaPermission:
DependsOn:
# This is how serverless converts function name. Has to be update accordingly when lambda gets renamed.
- cleanLambdaFunction
Type: AWS::Lambda::Permission
Properties:
FunctionName:
"Fn::GetAtt": [ cleanLambdaFunction, Arn ]
Action: "lambda:InvokeFunction"
Principal: "events.amazonaws.com"
SourceArn: "arn:aws:events:eu-central-1:<account_id>:rule"
Though it showed up it didnt work and my lambda never got called by programatically created rules until I added explicit SourceArn that maps exactly one rule to one single specific function. I am doing it also programatically in three steps:
1. Create rule.
2. Create target.
3. Create permission.
For delete I need proceed in reverse order. I didnt find if this (not allowing wildcards) is bug or intentional behaviour.
aws-lambda serverless-framework aws-serverless
asked Mar 6 at 15:15
svobol13svobol13
8451424
add a comment |
I have one lambda function within my serverless.yml. It looks somehow like this:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
It works pretty well and out of the box lambda gets called every 2 hours. When I add new rule in AWS Console and sets the newly created lambda as a target it also works. Both AWS Console and Serverless framework creates on the background policy that events.amazonaws.com service can invoke this specific function. The policy looks somehow like this:
"Sid":"AWSEvents_rule_name_test",
"Effect":"Allow",
"Principal":
"Service":"events.amazonaws.com"
,
"Action":"lambda:InvokeFunction",
"Resource":"arn:aws:lambda:eu-central-1:<account_id>:function:<lambda_name>",
"Condition":
"ArnLike":
"AWS:SourceArn":"arn:aws:events:eu-central-1:<account_id>:rule/<rule_name>"
I would like to define rules programatically and without the need to maintain those permissions. What I do is I create rule, then I create target similarly as described in docs https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html. Without the permission step it doesnt work. I would like to have generic permission on the serverless.yml level that enables the lambda to be called by any existing or not yet existing rules (so I care only about rules and targets). I mean something that would say:
"Grant cloud watch permission to invoke any lambda function with any rule defined on my account". That would increase usability of my function alot more.
Is it possible to define same policy that gets usually generated by AWS Console (code above) but little more generic and within serverless.yml file?
Update:
I end up trying example bellow. It was supposed to create "generic" rule:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
resources:
Resources:
cleanLambdaPermission:
DependsOn:
# This is how serverless converts function name. Has to be update accordingly when lambda gets renamed.
- cleanLambdaFunction
Type: AWS::Lambda::Permission
Properties:
FunctionName:
"Fn::GetAtt": [ cleanLambdaFunction, Arn ]
Action: "lambda:InvokeFunction"
Principal: "events.amazonaws.com"
SourceArn: "arn:aws:events:eu-central-1:<account_id>:rule"
Though it showed up it didnt work and my lambda never got called by programatically created rules until I added explicit SourceArn that maps exactly one rule to one single specific function. I am doing it also programatically in three steps:
1. Create rule.
2. Create target.
3. Create permission.
For delete I need proceed in reverse order. I didnt find if this (not allowing wildcards) is bug or intentional behaviour.
aws-lambda serverless-framework aws-serverless
asked Mar 6 at 15:15
svobol13svobol13
8451424
I have one lambda function within my serverless.yml. It looks somehow like this:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
It works pretty well and out of the box lambda gets called every 2 hours. When I add new rule in AWS Console and sets the newly created lambda as a target it also works. Both AWS Console and Serverless framework creates on the background policy that events.amazonaws.com service can invoke this specific function. The policy looks somehow like this:
"Sid":"AWSEvents_rule_name_test",
"Effect":"Allow",
"Principal":
"Service":"events.amazonaws.com"
,
"Action":"lambda:InvokeFunction",
"Resource":"arn:aws:lambda:eu-central-1:<account_id>:function:<lambda_name>",
"Condition":
"ArnLike":
"AWS:SourceArn":"arn:aws:events:eu-central-1:<account_id>:rule/<rule_name>"
I would like to define rules programatically and without the need to maintain those permissions. What I do is I create rule, then I create target similarly as described in docs https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html. Without the permission step it doesnt work. I would like to have generic permission on the serverless.yml level that enables the lambda to be called by any existing or not yet existing rules (so I care only about rules and targets). I mean something that would say:
"Grant cloud watch permission to invoke any lambda function with any rule defined on my account". That would increase usability of my function alot more.
Is it possible to define same policy that gets usually generated by AWS Console (code above) but little more generic and within serverless.yml file?
Update:
I end up trying example bellow. It was supposed to create "generic" rule:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
resources:
Resources:
cleanLambdaPermission:
DependsOn:
# This is how serverless converts function name. Has to be update accordingly when lambda gets renamed.
- cleanLambdaFunction
Type: AWS::Lambda::Permission
Properties:
FunctionName:
"Fn::GetAtt": [ cleanLambdaFunction, Arn ]
Action: "lambda:InvokeFunction"
Principal: "events.amazonaws.com"
SourceArn: "arn:aws:events:eu-central-1:<account_id>:rule"
Though it showed up it didnt work and my lambda never got called by programatically created rules until I added explicit SourceArn that maps exactly one rule to one single specific function. I am doing it also programatically in three steps:
1. Create rule.
2. Create target.
3. Create permission.
For delete I need proceed in reverse order. I didnt find if this (not allowing wildcards) is bug or intentional behaviour.
aws-lambda serverless-framework aws-serverless
aws-lambda serverless-framework aws-serverless
asked Mar 6 at 15:15
svobol13svobol13
8451424
asked Mar 6 at 15:15
svobol13svobol13
8451424
edited Mar 7 at 13:56
svobol13
asked Mar 6 at 15:15
svobol13svobol13
8451424
asked Mar 6 at 15:15
svobol13svobol13
8451424
asked Mar 6 at 15:15
svobol13svobol13
8451424
8451424
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Yes, You can use wild cards '*' to make it generic.
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55026399%2fallow-serverless-lambda-to-be-called-by-cloud-watch%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Yes, You can use wild cards '*' to make it generic.
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
add a comment |
Yes, You can use wild cards '*' to make it generic.
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
add a comment |
Yes, You can use wild cards '*' to make it generic.
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
Yes, You can use wild cards '*' to make it generic.
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
616
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55026399%2fallow-serverless-lambda-to-be-called-by-cloud-watch%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
