Allow serverless lambda to be called by cloud watch2019 Community Moderator ElectionAWS Cloudwatch Event putTargets not adding Lambda event sourcesHow do I pass json inputs to a Cron scheduled Lambda deployed in Serverless using event?AWS SDK can't add Lambda as target to Cloudwatch eventNeed to configure serverless resource output to get api gateway api idServerless Framework: ways to achieve full “infrastructure as code”?Destroy resources created via Serverless without destroying Lambda endpointsserverless framework: trying to define a role for a lambda gives an undefined resource errorAWS Lambda Policy Length Exceeded - adding rules to a lambda functionWhat is causing Serverless deploy error: Unable to validate the following destination configurations, S3 InvalidArgument?Cognito permission to lambda function using serverless framework
What are the practical Opportunty Attack values for a bugbear, holding a reach weapon, with Polearm Mastery?
Should I take out a loan for a friend to invest on my behalf?
Rewrite the power sum in terms of convolution
Why would one plane in this picture not have gear down yet?
Doesn't allowing a user mode program to access kernel space memory and execute the IN and OUT instructions defeat the purpose of having CPU modes?
Does the nature of the Apocalypse in The Umbrella Academy change from the first to the last episode?
Recommendation letter by significant other if you worked with them professionally?
If I receive an SOS signal, what is the proper response?
Shifting between bemols (flats) and diesis (sharps)in the key signature
Word for a person who has no opinion about whether god exists
Are babies of evil humanoid species inherently evil?
Does "Until when" sound natural for native speakers?
Find longest word in a string: are any of these algorithms good?
Can I pump my MTB tire to max (55 psi / 380 kPa) without the tube inside bursting?
Motivation for Zeta Function of an Algebraic Variety
What wound would be of little consequence to a biped but terrible for a quadruped?
Child Theme Path Being Ignored With wp_enqueue_scripts
When a wind turbine does not produce enough electricity how does the power company compensate for the loss?
Why does liquid water form when we exhale on a mirror?
How is the wildcard * interpreted as a command?
Vocabulary for giving just numbers, not a full answer
Why the color red for the Republican Party
In the quantum hamiltonian, why does kinetic energy turn into an operator while potential doesn't?
Is it necessary to separate DC power cables and data cables?
Allow serverless lambda to be called by cloud watch
2019 Community Moderator ElectionAWS Cloudwatch Event putTargets not adding Lambda event sourcesHow do I pass json inputs to a Cron scheduled Lambda deployed in Serverless using event?AWS SDK can't add Lambda as target to Cloudwatch eventNeed to configure serverless resource output to get api gateway api idServerless Framework: ways to achieve full “infrastructure as code”?Destroy resources created via Serverless without destroying Lambda endpointsserverless framework: trying to define a role for a lambda gives an undefined resource errorAWS Lambda Policy Length Exceeded - adding rules to a lambda functionWhat is causing Serverless deploy error: Unable to validate the following destination configurations, S3 InvalidArgument?Cognito permission to lambda function using serverless framework
I have one lambda function within my serverless.yml. It looks somehow like this:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
It works pretty well and out of the box lambda gets called every 2 hours. When I add new rule in AWS Console and sets the newly created lambda as a target it also works. Both AWS Console and Serverless framework creates on the background policy that events.amazonaws.com service can invoke this specific function. The policy looks somehow like this:
"Sid":"AWSEvents_rule_name_test",
"Effect":"Allow",
"Principal":
"Service":"events.amazonaws.com"
,
"Action":"lambda:InvokeFunction",
"Resource":"arn:aws:lambda:eu-central-1:<account_id>:function:<lambda_name>",
"Condition":
"ArnLike":
"AWS:SourceArn":"arn:aws:events:eu-central-1:<account_id>:rule/<rule_name>"
I would like to define rules programatically and without the need to maintain those permissions. What I do is I create rule, then I create target similarly as described in docs https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html. Without the permission step it doesnt work. I would like to have generic permission on the serverless.yml level that enables the lambda to be called by any existing or not yet existing rules (so I care only about rules and targets). I mean something that would say:
"Grant cloud watch permission to invoke any lambda function with any rule defined on my account". That would increase usability of my function alot more.
Is it possible to define same policy that gets usually generated by AWS Console (code above) but little more generic and within serverless.yml file?
Update:
I end up trying example bellow. It was supposed to create "generic" rule:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
resources:
Resources:
cleanLambdaPermission:
DependsOn:
# This is how serverless converts function name. Has to be update accordingly when lambda gets renamed.
- cleanLambdaFunction
Type: AWS::Lambda::Permission
Properties:
FunctionName:
"Fn::GetAtt": [ cleanLambdaFunction, Arn ]
Action: "lambda:InvokeFunction"
Principal: "events.amazonaws.com"
SourceArn: "arn:aws:events:eu-central-1:<account_id>:rule"
Though it showed up it didnt work and my lambda never got called by programatically created rules until I added explicit SourceArn that maps exactly one rule to one single specific function. I am doing it also programatically in three steps:
1. Create rule.
2. Create target.
3. Create permission.
For delete I need proceed in reverse order. I didnt find if this (not allowing wildcards) is bug or intentional behaviour.
aws-lambda serverless-framework aws-serverless
asked Mar 6 at 15:15
svobol13svobol13
8451424
add a comment |
I have one lambda function within my serverless.yml. It looks somehow like this:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
It works pretty well and out of the box lambda gets called every 2 hours. When I add new rule in AWS Console and sets the newly created lambda as a target it also works. Both AWS Console and Serverless framework creates on the background policy that events.amazonaws.com service can invoke this specific function. The policy looks somehow like this:
"Sid":"AWSEvents_rule_name_test",
"Effect":"Allow",
"Principal":
"Service":"events.amazonaws.com"
,
"Action":"lambda:InvokeFunction",
"Resource":"arn:aws:lambda:eu-central-1:<account_id>:function:<lambda_name>",
"Condition":
"ArnLike":
"AWS:SourceArn":"arn:aws:events:eu-central-1:<account_id>:rule/<rule_name>"
I would like to define rules programatically and without the need to maintain those permissions. What I do is I create rule, then I create target similarly as described in docs https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html. Without the permission step it doesnt work. I would like to have generic permission on the serverless.yml level that enables the lambda to be called by any existing or not yet existing rules (so I care only about rules and targets). I mean something that would say:
"Grant cloud watch permission to invoke any lambda function with any rule defined on my account". That would increase usability of my function alot more.
Is it possible to define same policy that gets usually generated by AWS Console (code above) but little more generic and within serverless.yml file?
Update:
I end up trying example bellow. It was supposed to create "generic" rule:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
resources:
Resources:
cleanLambdaPermission:
DependsOn:
# This is how serverless converts function name. Has to be update accordingly when lambda gets renamed.
- cleanLambdaFunction
Type: AWS::Lambda::Permission
Properties:
FunctionName:
"Fn::GetAtt": [ cleanLambdaFunction, Arn ]
Action: "lambda:InvokeFunction"
Principal: "events.amazonaws.com"
SourceArn: "arn:aws:events:eu-central-1:<account_id>:rule"
Though it showed up it didnt work and my lambda never got called by programatically created rules until I added explicit SourceArn that maps exactly one rule to one single specific function. I am doing it also programatically in three steps:
1. Create rule.
2. Create target.
3. Create permission.
For delete I need proceed in reverse order. I didnt find if this (not allowing wildcards) is bug or intentional behaviour.
aws-lambda serverless-framework aws-serverless
asked Mar 6 at 15:15
svobol13svobol13
8451424
add a comment |
I have one lambda function within my serverless.yml. It looks somehow like this:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
It works pretty well and out of the box lambda gets called every 2 hours. When I add new rule in AWS Console and sets the newly created lambda as a target it also works. Both AWS Console and Serverless framework creates on the background policy that events.amazonaws.com service can invoke this specific function. The policy looks somehow like this:
"Sid":"AWSEvents_rule_name_test",
"Effect":"Allow",
"Principal":
"Service":"events.amazonaws.com"
,
"Action":"lambda:InvokeFunction",
"Resource":"arn:aws:lambda:eu-central-1:<account_id>:function:<lambda_name>",
"Condition":
"ArnLike":
"AWS:SourceArn":"arn:aws:events:eu-central-1:<account_id>:rule/<rule_name>"
I would like to define rules programatically and without the need to maintain those permissions. What I do is I create rule, then I create target similarly as described in docs https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html. Without the permission step it doesnt work. I would like to have generic permission on the serverless.yml level that enables the lambda to be called by any existing or not yet existing rules (so I care only about rules and targets). I mean something that would say:
"Grant cloud watch permission to invoke any lambda function with any rule defined on my account". That would increase usability of my function alot more.
Is it possible to define same policy that gets usually generated by AWS Console (code above) but little more generic and within serverless.yml file?
Update:
I end up trying example bellow. It was supposed to create "generic" rule:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
resources:
Resources:
cleanLambdaPermission:
DependsOn:
# This is how serverless converts function name. Has to be update accordingly when lambda gets renamed.
- cleanLambdaFunction
Type: AWS::Lambda::Permission
Properties:
FunctionName:
"Fn::GetAtt": [ cleanLambdaFunction, Arn ]
Action: "lambda:InvokeFunction"
Principal: "events.amazonaws.com"
SourceArn: "arn:aws:events:eu-central-1:<account_id>:rule"
Though it showed up it didnt work and my lambda never got called by programatically created rules until I added explicit SourceArn that maps exactly one rule to one single specific function. I am doing it also programatically in three steps:
1. Create rule.
2. Create target.
3. Create permission.
For delete I need proceed in reverse order. I didnt find if this (not allowing wildcards) is bug or intentional behaviour.
aws-lambda serverless-framework aws-serverless
asked Mar 6 at 15:15
svobol13svobol13
8451424
I have one lambda function within my serverless.yml. It looks somehow like this:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
It works pretty well and out of the box lambda gets called every 2 hours. When I add new rule in AWS Console and sets the newly created lambda as a target it also works. Both AWS Console and Serverless framework creates on the background policy that events.amazonaws.com service can invoke this specific function. The policy looks somehow like this:
"Sid":"AWSEvents_rule_name_test",
"Effect":"Allow",
"Principal":
"Service":"events.amazonaws.com"
,
"Action":"lambda:InvokeFunction",
"Resource":"arn:aws:lambda:eu-central-1:<account_id>:function:<lambda_name>",
"Condition":
"ArnLike":
"AWS:SourceArn":"arn:aws:events:eu-central-1:<account_id>:rule/<rule_name>"
I would like to define rules programatically and without the need to maintain those permissions. What I do is I create rule, then I create target similarly as described in docs https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html. Without the permission step it doesnt work. I would like to have generic permission on the serverless.yml level that enables the lambda to be called by any existing or not yet existing rules (so I care only about rules and targets). I mean something that would say:
"Grant cloud watch permission to invoke any lambda function with any rule defined on my account". That would increase usability of my function alot more.
Is it possible to define same policy that gets usually generated by AWS Console (code above) but little more generic and within serverless.yml file?
Update:
I end up trying example bellow. It was supposed to create "generic" rule:
functions:
clean:
handler: app.run
events:
- schedule: rate(2 hours)
resources:
Resources:
cleanLambdaPermission:
DependsOn:
# This is how serverless converts function name. Has to be update accordingly when lambda gets renamed.
- cleanLambdaFunction
Type: AWS::Lambda::Permission
Properties:
FunctionName:
"Fn::GetAtt": [ cleanLambdaFunction, Arn ]
Action: "lambda:InvokeFunction"
Principal: "events.amazonaws.com"
SourceArn: "arn:aws:events:eu-central-1:<account_id>:rule"
Though it showed up it didnt work and my lambda never got called by programatically created rules until I added explicit SourceArn that maps exactly one rule to one single specific function. I am doing it also programatically in three steps:
1. Create rule.
2. Create target.
3. Create permission.
For delete I need proceed in reverse order. I didnt find if this (not allowing wildcards) is bug or intentional behaviour.
aws-lambda serverless-framework aws-serverless
aws-lambda serverless-framework aws-serverless
asked Mar 6 at 15:15
svobol13svobol13
8451424
asked Mar 6 at 15:15
svobol13svobol13
8451424
edited Mar 7 at 13:56
svobol13
asked Mar 6 at 15:15
svobol13svobol13
8451424
asked Mar 6 at 15:15
svobol13svobol13
8451424
asked Mar 6 at 15:15
svobol13svobol13
8451424
8451424
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Yes, You can use wild cards '*' to make it generic.
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55026399%2fallow-serverless-lambda-to-be-called-by-cloud-watch%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Yes, You can use wild cards '*' to make it generic.
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
add a comment |
Yes, You can use wild cards '*' to make it generic.
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
add a comment |
Yes, You can use wild cards '*' to make it generic.
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
Yes, You can use wild cards '*' to make it generic.
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
answered Mar 7 at 1:28
Sudhakar NaiduSudhakar Naidu
616
616
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55026399%2fallow-serverless-lambda-to-be-called-by-cloud-watch%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
