Allow serverless lambda to be called by cloud watch2019 Community Moderator ElectionAWS Cloudwatch Event putTargets not adding Lambda event sourcesHow do I pass json inputs to a Cron scheduled Lambda deployed in Serverless using event?AWS SDK can't add Lambda as target to Cloudwatch eventNeed to configure serverless resource output to get api gateway api idServerless Framework: ways to achieve full “infrastructure as code”?Destroy resources created via Serverless without destroying Lambda endpointsserverless framework: trying to define a role for a lambda gives an undefined resource errorAWS Lambda Policy Length Exceeded - adding rules to a lambda functionWhat is causing Serverless deploy error: Unable to validate the following destination configurations, S3 InvalidArgument?Cognito permission to lambda function using serverless framework

How to write a chaotic neutral protagonist and prevent my readers from thinking they are evil?

Why do phishing e-mails use faked e-mail addresses instead of the real one?

Is "cogitate" used appropriately in "I cogitate that success relies on hard work"?

How would an energy-based "projectile" blow up a spaceship?

Is it a Cyclops number? "Nobody" knows!

Draw this image in the TIKZ package

Why aren't there more Gauls like Obelix?

Too soon for a plot twist?

Who has more? Ireland or Iceland?

Precision notation for voltmeters

What does *dead* mean in *What do you mean, dead?*?

Is this a crown race?

Tabular environment - text vertically positions itself by bottom of tikz picture in adjacent cell

What is Tony Stark injecting into himself in Iron Man 3?

I am the person who abides by rules but breaks the rules . Who am I

Was this cameo in Captain Marvel computer generated?

What would be the most expensive material to an intergalactic society?

Why do we call complex numbers “numbers” but we don’t consider 2-vectors numbers?

“I had a flat in the centre of town, but I didn’t like living there, so …”

How to educate team mate to take screenshots for bugs with out unwanted stuff

Rationale to prefer local variables over instance variables?

Why does a car's steering wheel get lighter with increasing speed

Do I need a return ticket to Canada if I'm a Japanese National?

Professor forcing me to attend a conference, I can't afford even with 50% funding



Allow serverless lambda to be called by cloud watch



2019 Community Moderator ElectionAWS Cloudwatch Event putTargets not adding Lambda event sourcesHow do I pass json inputs to a Cron scheduled Lambda deployed in Serverless using event?AWS SDK can't add Lambda as target to Cloudwatch eventNeed to configure serverless resource output to get api gateway api idServerless Framework: ways to achieve full “infrastructure as code”?Destroy resources created via Serverless without destroying Lambda endpointsserverless framework: trying to define a role for a lambda gives an undefined resource errorAWS Lambda Policy Length Exceeded - adding rules to a lambda functionWhat is causing Serverless deploy error: Unable to validate the following destination configurations, S3 InvalidArgument?Cognito permission to lambda function using serverless framework










0















I have one lambda function within my serverless.yml. It looks somehow like this:



functions:
 clean:
 handler: app.run
 events:
 - schedule: rate(2 hours)


It works pretty well and out of the box lambda gets called every 2 hours. When I add new rule in AWS Console and sets the newly created lambda as a target it also works. Both AWS Console and Serverless framework creates on the background policy that events.amazonaws.com service can invoke this specific function. The policy looks somehow like this:




 "Sid":"AWSEvents_rule_name_test",
 "Effect":"Allow",
 "Principal":
 "Service":"events.amazonaws.com"
 ,
 "Action":"lambda:InvokeFunction",
 "Resource":"arn:aws:lambda:eu-central-1:<account_id>:function:<lambda_name>",
 "Condition":
 "ArnLike":
 "AWS:SourceArn":"arn:aws:events:eu-central-1:<account_id>:rule/<rule_name>"



I would like to define rules programatically and without the need to maintain those permissions. What I do is I create rule, then I create target similarly as described in docs https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html. Without the permission step it doesnt work. I would like to have generic permission on the serverless.yml level that enables the lambda to be called by any existing or not yet existing rules (so I care only about rules and targets). I mean something that would say:
"Grant cloud watch permission to invoke any lambda function with any rule defined on my account". That would increase usability of my function alot more.



Is it possible to define same policy that gets usually generated by AWS Console (code above) but little more generic and within serverless.yml file?



Update:
I end up trying example bellow. It was supposed to create "generic" rule:



functions:
 clean:
 handler: app.run
 events:
 - schedule: rate(2 hours)
resources:
 Resources:
 cleanLambdaPermission:
 DependsOn:
 # This is how serverless converts function name. Has to be update accordingly when lambda gets renamed.
 - cleanLambdaFunction
 Type: AWS::Lambda::Permission
 Properties:
 FunctionName:
 "Fn::GetAtt": [ cleanLambdaFunction, Arn ]
 Action: "lambda:InvokeFunction"
 Principal: "events.amazonaws.com"
 SourceArn: "arn:aws:events:eu-central-1:<account_id>:rule"



Though it showed up it didnt work and my lambda never got called by programatically created rules until I added explicit SourceArn that maps exactly one rule to one single specific function. I am doing it also programatically in three steps:
1. Create rule.
2. Create target.
3. Create permission.



For delete I need proceed in reverse order. I didnt find if this (not allowing wildcards) is bug or intentional behaviour.






aws-lambda serverless-framework aws-serverless







share|improve this question




























    0















    I have one lambda function within my serverless.yml. It looks somehow like this:



    functions:
     clean:
     handler: app.run
     events:
     - schedule: rate(2 hours)


    It works pretty well and out of the box lambda gets called every 2 hours. When I add new rule in AWS Console and sets the newly created lambda as a target it also works. Both AWS Console and Serverless framework creates on the background policy that events.amazonaws.com service can invoke this specific function. The policy looks somehow like this:




     "Sid":"AWSEvents_rule_name_test",
     "Effect":"Allow",
     "Principal":
     "Service":"events.amazonaws.com"
     ,
     "Action":"lambda:InvokeFunction",
     "Resource":"arn:aws:lambda:eu-central-1:<account_id>:function:<lambda_name>",
     "Condition":
     "ArnLike":
     "AWS:SourceArn":"arn:aws:events:eu-central-1:<account_id>:rule/<rule_name>"



    I would like to define rules programatically and without the need to maintain those permissions. What I do is I create rule, then I create target similarly as described in docs https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html. Without the permission step it doesnt work. I would like to have generic permission on the serverless.yml level that enables the lambda to be called by any existing or not yet existing rules (so I care only about rules and targets). I mean something that would say:
    "Grant cloud watch permission to invoke any lambda function with any rule defined on my account". That would increase usability of my function alot more.



    Is it possible to define same policy that gets usually generated by AWS Console (code above) but little more generic and within serverless.yml file?



    Update:
    I end up trying example bellow. It was supposed to create "generic" rule:



    functions:
     clean:
     handler: app.run
     events:
     - schedule: rate(2 hours)
    resources:
     Resources:
     cleanLambdaPermission:
     DependsOn:
     # This is how serverless converts function name. Has to be update accordingly when lambda gets renamed.
     - cleanLambdaFunction
     Type: AWS::Lambda::Permission
     Properties:
     FunctionName:
     "Fn::GetAtt": [ cleanLambdaFunction, Arn ]
     Action: "lambda:InvokeFunction"
     Principal: "events.amazonaws.com"
     SourceArn: "arn:aws:events:eu-central-1:<account_id>:rule"



    Though it showed up it didnt work and my lambda never got called by programatically created rules until I added explicit SourceArn that maps exactly one rule to one single specific function. I am doing it also programatically in three steps:
    1. Create rule.
    2. Create target.
    3. Create permission.



    For delete I need proceed in reverse order. I didnt find if this (not allowing wildcards) is bug or intentional behaviour.






    aws-lambda serverless-framework aws-serverless







    share|improve this question


























      0












      0








      0








      I have one lambda function within my serverless.yml. It looks somehow like this:



      functions:
       clean:
       handler: app.run
       events:
       - schedule: rate(2 hours)


      It works pretty well and out of the box lambda gets called every 2 hours. When I add new rule in AWS Console and sets the newly created lambda as a target it also works. Both AWS Console and Serverless framework creates on the background policy that events.amazonaws.com service can invoke this specific function. The policy looks somehow like this:




       "Sid":"AWSEvents_rule_name_test",
       "Effect":"Allow",
       "Principal":
       "Service":"events.amazonaws.com"
       ,
       "Action":"lambda:InvokeFunction",
       "Resource":"arn:aws:lambda:eu-central-1:<account_id>:function:<lambda_name>",
       "Condition":
       "ArnLike":
       "AWS:SourceArn":"arn:aws:events:eu-central-1:<account_id>:rule/<rule_name>"



      I would like to define rules programatically and without the need to maintain those permissions. What I do is I create rule, then I create target similarly as described in docs https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html. Without the permission step it doesnt work. I would like to have generic permission on the serverless.yml level that enables the lambda to be called by any existing or not yet existing rules (so I care only about rules and targets). I mean something that would say:
      "Grant cloud watch permission to invoke any lambda function with any rule defined on my account". That would increase usability of my function alot more.



      Is it possible to define same policy that gets usually generated by AWS Console (code above) but little more generic and within serverless.yml file?



      Update:
      I end up trying example bellow. It was supposed to create "generic" rule:



      functions:
       clean:
       handler: app.run
       events:
       - schedule: rate(2 hours)
      resources:
       Resources:
       cleanLambdaPermission:
       DependsOn:
       # This is how serverless converts function name. Has to be update accordingly when lambda gets renamed.
       - cleanLambdaFunction
       Type: AWS::Lambda::Permission
       Properties:
       FunctionName:
       "Fn::GetAtt": [ cleanLambdaFunction, Arn ]
       Action: "lambda:InvokeFunction"
       Principal: "events.amazonaws.com"
       SourceArn: "arn:aws:events:eu-central-1:<account_id>:rule"



      Though it showed up it didnt work and my lambda never got called by programatically created rules until I added explicit SourceArn that maps exactly one rule to one single specific function. I am doing it also programatically in three steps:
      1. Create rule.
      2. Create target.
      3. Create permission.



      For delete I need proceed in reverse order. I didnt find if this (not allowing wildcards) is bug or intentional behaviour.






      aws-lambda serverless-framework aws-serverless







      share|improve this question
















      I have one lambda function within my serverless.yml. It looks somehow like this:



      functions:
       clean:
       handler: app.run
       events:
       - schedule: rate(2 hours)


      It works pretty well and out of the box lambda gets called every 2 hours. When I add new rule in AWS Console and sets the newly created lambda as a target it also works. Both AWS Console and Serverless framework creates on the background policy that events.amazonaws.com service can invoke this specific function. The policy looks somehow like this:




       "Sid":"AWSEvents_rule_name_test",
       "Effect":"Allow",
       "Principal":
       "Service":"events.amazonaws.com"
       ,
       "Action":"lambda:InvokeFunction",
       "Resource":"arn:aws:lambda:eu-central-1:<account_id>:function:<lambda_name>",
       "Condition":
       "ArnLike":
       "AWS:SourceArn":"arn:aws:events:eu-central-1:<account_id>:rule/<rule_name>"



      I would like to define rules programatically and without the need to maintain those permissions. What I do is I create rule, then I create target similarly as described in docs https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html. Without the permission step it doesnt work. I would like to have generic permission on the serverless.yml level that enables the lambda to be called by any existing or not yet existing rules (so I care only about rules and targets). I mean something that would say:
      "Grant cloud watch permission to invoke any lambda function with any rule defined on my account". That would increase usability of my function alot more.



      Is it possible to define same policy that gets usually generated by AWS Console (code above) but little more generic and within serverless.yml file?



      Update:
      I end up trying example bellow. It was supposed to create "generic" rule:



      functions:
       clean:
       handler: app.run
       events:
       - schedule: rate(2 hours)
      resources:
       Resources:
       cleanLambdaPermission:
       DependsOn:
       # This is how serverless converts function name. Has to be update accordingly when lambda gets renamed.
       - cleanLambdaFunction
       Type: AWS::Lambda::Permission
       Properties:
       FunctionName:
       "Fn::GetAtt": [ cleanLambdaFunction, Arn ]
       Action: "lambda:InvokeFunction"
       Principal: "events.amazonaws.com"
       SourceArn: "arn:aws:events:eu-central-1:<account_id>:rule"



      Though it showed up it didnt work and my lambda never got called by programatically created rules until I added explicit SourceArn that maps exactly one rule to one single specific function. I am doing it also programatically in three steps:
      1. Create rule.
      2. Create target.
      3. Create permission.



      For delete I need proceed in reverse order. I didnt find if this (not allowing wildcards) is bug or intentional behaviour.






      aws-lambda serverless-framework aws-serverless




      aws-lambda serverless-framework aws-serverless






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited yesterday







      svobol13

















      asked 2 days ago









      svobol13svobol13

      8451424




      8451424






















          1 Answer
          1






          active

          oldest

          votes


















          0














          Yes, You can use wild cards '*' to make it generic.






          share|improve this answer






















            Your Answer






            StackExchange.ifUsing("editor", function ()
            StackExchange.using("externalEditor", function ()
            StackExchange.using("snippets", function ()
            StackExchange.snippets.init();
            );
            );
            , "code-snippets");

            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "1"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55026399%2fallow-serverless-lambda-to-be-called-by-cloud-watch%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Yes, You can use wild cards '*' to make it generic.






            share|improve this answer



























              0














              Yes, You can use wild cards '*' to make it generic.






              share|improve this answer

























                0












                0








                0







                Yes, You can use wild cards '*' to make it generic.






                share|improve this answer













                Yes, You can use wild cards '*' to make it generic.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 2 days ago









                Sudhakar NaiduSudhakar Naidu

                616




                616





























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55026399%2fallow-serverless-lambda-to-be-called-by-cloud-watch%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    How to get text form Clipboard with JavaScript in Firefox 56?How to validate an email address in JavaScript?How do JavaScript closures work?How do I remove a property from a JavaScript object?How do you get a timestamp in JavaScript?How do I copy to the clipboard in JavaScript?How do I include a JavaScript file in another JavaScript file?Get the current URL with JavaScript?How to replace all occurrences of a string in JavaScriptHow to check whether a string contains a substring in JavaScript?How do I remove a particular element from an array in JavaScript?

                    Image
                    Can an x86 CPU running in real mode be considered to be basically an 8086 CPU? Why does this relative pronoun not take the case of the noun it is referring to? Email Account under attack (really) - anything I can do? Why do we use polarized capacitors? N.B. ligature in Latex Is Social Media Science Fiction? how to create a data type and make it available in all Databases? Need help identifying/translating a plaque in Tangier, Morocco How to make payment on the internet without leaving a money trail? What do you call something that goes against the spirit of the law, but is legal when interpreting the law to the letter? How can the DM most effectively choose 1 out of an odd number of players to be targeted by an attack or effect? cryptic clue: mammal sounds like relative consumer (8) Infinite past with a beginning? How do you conduct xenoanthropology after first contact? Is there an example of two elementary particles colliding to result in a single elementar...
                    Read more

                    Can't initialize raids on a new ASUS Prime B360M-A motherboard2019 Community Moderator ElectionSimilar to RAID config yet more like mirroring solution?Can't get motherboard serial numberWhy does the BIOS entry point start with a WBINVD instruction?UEFI performance Asus Maximus V Extreme

                    Image
                    "One can do his homework in the library" Why does Deadpool say "You're welcome, Canada," after shooting Ryan Reynolds in the end credits? Potential difference and current flow It's a yearly task, alright Co-worker team leader wants to inject the crap software product of his friends into our development. What should I say to our common boss? Touchscreen-controlled dentist office snowman collector game What to do when during a meeting client people start to fight (even physically) with each others? What options are left, if Britain cannot decide? How could our ancestors have domesticated a solitary predator? Professor being mistaken for a grad student When two POV characters meet Replacing Windows 7 security updates with anti-virus? What has been your most complicated TikZ drawing? Can the word "advantage" be used as an adjective? How could a female member of a species produce eggs unto death? Can the druid cantrip Thorn...
                    Read more

                    List of MPs elected to the English parliament in 1640 (April) Contents List of constituencies and members See also Notes References Navigation menueNational Archives – The Glynde Place ArchivesCobbett's Parliamentary history of England, from the Norman Conquest in 1066 to the year 1803'Aldermen in Parliament', The Aldermen of the City of London: Temp. Henry III – 1912onepage&q&f&#61, false 229

                    Image
                    Parliaments of Charles I of England1640 in England1640 in politicsLists of Members of the Parliament of England (pre-1707)English MPs 1640 (April) King Charles IShort ParliamentLong Parliament Parliaments of England 1604–1705 Parliament Date Blessed Parliament 1604 Addled Parliament 1614 3rd Parliament of King James I 1621 Happy Parliament 1624 Useless Parliament 1625 2nd Parliament of King Charles I 1626 3rd Parliament of King Charles I 1628 Short Parliament 1640 Apr Long Parliament (1) 1640 Nov Oxford Parliament 1644 Long Parliament (2) 1645 Rump Parliament (1) 1648 Barebone's Parliament 1653 First Protectorate Parliament 1654 Second Protectorate Parliament 1656 Third Protectorate Parliament 1659 Rump Parliament (2) 1659 Long Parliament (3) 1660 Convention Parliament 1660 Cavalier Parliament 1661 Habeas Corpus Parliament 1679 Exclusion Bill Parliament 1680 Oxford Parliament 1681 Loyal Parliament 1685 Convention Parliament 1689...
                    Read more