4

I've tried to set up scheduling with Amazon CloudWatch Events, which should invoke a Lambda function, from another Lambda. I used the guide from Sending Events to Amazon CloudWatch Events - AWS SDK for JavaScript.

The problem is that even after setting the CloudWatch Events IAM role

```javascript
{
    Sid: 'CloudWatchEventsFullAccess',
    Effect: 'Allow',
    Action: ['*'],
    Resource: '*',
},
```

and the Lambda role to a similar one, when I invoke the main function

```javascript
const cloudWatchEvents = new CloudWatchEvents()

const ruleParams = {
    Name: projectId,
    ScheduleExpression: crontab,
    State: 'ENABLED',
    RoleArn: apiCloudWatchEventsIamRole,
}

const targetParams = {
    Rule: projectId,
    Targets: [
        {
            Arn: apiLongTaskFunctionArn,
            Id: 'lambdaCloudWatch',
        },
    ],
}

cloudWatchEvents.putRule(ruleParams, (err, rule) => {
    if (err) {
        console.log(err)
        return err
    }
    cloudWatchEvents.putTargets(targetParams, (err, data) => {
        if (err) {
            console.log(err)
            return (err)
        }
        const eventParams = {
            Entries: [
                {
                    DetailType: 'Scheduled Event',
                    Source: 'aws.events',
                    Resources: [rule.RuleArn],
                    Detail: '{}',
                },
            ],
        }
        cloudWatchEvents.putEvents(eventParams, (err, data) => {
            if (err) {
                console.log(err)
                return (err)
            }
            console.log(data)
        })
    })
})
```

I get this response from the last console.log

```
{ FailedEntryCount: 1,
      Entries: 
       [ { ErrorCode: 'NotAuthorizedForSourceException',
           ErrorMessage: 'Not authorized for the source.' } ] }
```

I'm not sure where I should search for an answer, as I haven't seen this case documented anywhere on the web.

Piekarski D
  • Has the trust relationship been set up for the role? i.e. `"Statement": [ { "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Action": "sts:AssumeRole" }` – tedsmitt Jun 12 '19 at 14:27
  • @tedsmitt yep, I set `Statement: [ { Effect: 'Allow', Principal: { Service: ['lambda.amazonaws.com'], }, Action: ['sts:AssumeRole'], }, { Effect: 'Allow', Principal: { Service: ['events.amazonaws.com'], }, Action: ['sts:AssumeRole'], }, ],` for both the Lambda execution role and the CloudWatch Events role – Piekarski D Jun 12 '19 at 15:10
  • I think the issue here is that the `aws.*` prefix is reserved for AWS itself to use. So when you try to specify your source as `aws.events`, it tells you you're not authorized to use that source. Although, I can't seem to find any documentation on this besides the end of this [blog post](https://chaosgears.com/how-to-test-service-events-in-aws-organizations-aws-cloudtrail/). – Matt Hancock Aug 03 '21 at 22:49

1 Answer

3

Okay, so adding to ruleParams

```javascript
EventPattern: JSON.stringify({
    source: ['sourceName'],
}),
```

and setting Entries to

```javascript
Entries: [
    {
        DetailType: 'Scheduled Event',
        Source: 'sourceName',
        Resources: [rule.RuleArn],
        Detail: '{}',
    },
],
```

solved the issue.

Piekarski D
  • Hi, this just listens to every CloudWatch event. I want to run a cron and pass the CloudWatch event along with a payload to the Lambda – Yadynesh Desai May 16 '21 at 06:30
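
The following is an added example, not part of the original question or answer: an offline pre-flight check that flags a `PutEvents` entry whose `Source` uses the `aws.` prefix (the cause suggested in the comments) or does not match the rule's `EventPattern`. The function names are hypothetical, the sample entries are constructed from the thread, and the matcher is simplified to exact-value lists on `source` and `detail-type`.

```javascript
// Added example: offline pre-flight check for PutEvents entries (no AWS calls).
// Function names are hypothetical; sample entries are constructed from the thread.

// Per the comment on the question, the "aws." prefix is reserved for AWS
// services, so a custom entry using it fails with NotAuthorizedForSourceException.
function isReservedSource(source) {
  return typeof source === 'string' && source.startsWith('aws.');
}

// Simplified matcher: handles only exact-value lists on the top-level
// "source" and "detail-type" pattern fields.
const FIELD_MAP = { source: 'Source', 'detail-type': 'DetailType' };

function matchesPattern(entry, eventPatternJson) {
  const pattern = JSON.parse(eventPatternJson);
  return Object.entries(pattern).every(([field, allowed]) => {
    const key = FIELD_MAP[field];
    if (!key) throw new Error(`unsupported pattern field: ${field}`);
    return Array.isArray(allowed) && allowed.includes(entry[key]);
  });
}

// Returns one verdict per entry, in input order.
function preflight(entries, eventPatternJson) {
  return entries.map((entry, index) => {
    if (isReservedSource(entry.Source)) {
      return { index, ok: false, reason: 'reserved source prefix "aws."' };
    }
    if (!matchesPattern(entry, eventPatternJson)) {
      return { index, ok: false, reason: 'entry does not match rule EventPattern' };
    }
    return { index, ok: true, reason: null };
  });
}

// Constructed sample data: the rule pattern from the answer, then the
// question's entry, the answer's entry, and a mismatched custom source.
const eventPattern = JSON.stringify({ source: ['sourceName'] });
const sampleEntries = [
  { DetailType: 'Scheduled Event', Source: 'aws.events', Detail: '{}' },
  { DetailType: 'Scheduled Event', Source: 'sourceName', Detail: '{}' },
  { DetailType: 'Scheduled Event', Source: 'otherSource', Detail: '{}' },
];

for (const verdict of preflight(sampleEntries, eventPattern)) {
  console.log(verdict.index, verdict.ok ? 'ok' : `rejected: ${verdict.reason}`);
}
```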