Triggering a Lambda once a DMS Replication Task has completed in Terraform

Question

I would like to trigger a Lambda once an RDS Replication Task has successfully completed. I have the following Terraform code, which successfully creates all the assets, but my Lambda is not being triggered.

resource "aws_dms_event_subscription" "my_event_subscription" {
  enabled          = true
  event_categories = ["state change"]
  name             = "my-event-subscription"
  sns_topic_arn    = aws_sns_topic.my_event_subscription_topic.arn
  source_ids       = ["my-replication-task"]
  source_type      = "replication-task"
}

resource "aws_sns_topic" "my_event_subscription_topic" {
  name = "my-event-subscription-topic"
}

resource "aws_sns_topic_subscription" "my_event_subscription_topic_subscription" {
  topic_arn = aws_sns_topic.my_event_subscription_topic.arn
  protocol  = "lambda"
  endpoint  = aws_lambda_function.my_lambda_function.arn
}

resource "aws_sns_topic_policy" "allow_publish" {
  arn    = aws_sns_topic.my_event_subscription_topic.arn
  policy = data.aws_iam_policy_document.allow_dms_and_events_document.json
}

resource "aws_lambda_permission" "allow_sns_invoke" {
  statement_id  = "AllowExecutionFromSNS"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.my_lambda_function.function_name
  principal     = "sns.amazonaws.com"
  source_arn    = aws_sns_topic.my_event_subscription_topic.arn
}

data "aws_iam_policy_document" "allow_dms_and_events_document" {
  statement {
    actions = ["SNS:Publish"]
    principals {
      identifiers = [
        "dms.amazonaws.com",
        "events.amazonaws.com"
      ]
      type = "Service"
    }
    resources = [aws_sns_topic.my_event_subscription_topic.arn]
  }
}

Am I missing something?

Is event_categories = ["state change"] correct? (This suggests state change is correct. I'm less concerned right now if the Lambda is triggered for every state change, and not just DMS-EVENT-0079.)

Is there something I can add to get CloudWatch logs from the event subscription, to tell me what's wrong?

Has there been such an event that would cause Lambda to be triggered? — Marko E, Sep 07 '22 at 09:37
Yes, @MarkoE, can confirm the replication task is running daily — Rob, Sep 07 '22 at 09:41
And you can verify in the AWS console that the SNS topic is allowed to trigger the Lambda function? — Marko E, Sep 07 '22 at 09:42

score 0 · Answer 1 · edited Oct 31 '22 at 11:13

You can try giving it a JSON as shared on AWS Documentation.

{
   "version":"0",
   "id":"11a11b11-222b-333a-44d4-01234a5b67890",
   "detail-type":"DMS Replication Task State Change",
   "source":"aws.dms",
   "account":"0123456789012",
   "time":"1970-01-01T00:00:00Z",
   "region":"us-east-1",
   "resources":[
      "arn:aws:dms:us-east-1:012345678901:task:AAAABBBB0CCCCDDDDEEEEE1FFFF2GGG3FFFFFF3"
   ],
   "detail":{
      "type":"ReplicationTask",
      "category":"StateChange",
      "eventType":"REPLICATION_TASK_STARTED",
      "eventName":"DMS-EVENT-0069",
      "resourceLink":"https://console.aws.amazon.com/dms/v2/home?region=us-east-1#taskDetails/taskName",
      "detailMessage":"Replication task started, with flag = fresh start"
   }
}

You can check how to give this as JSON in Terraform here

Triggering a Lambda once a DMS Replication Task has completed in Terraform

1 Answers1