Cloudformation Event Rule Not Running
If you created an event Rule in cloudformation and it’s not doing the stuff you wanted continue on.
Simple Answer: You’re probably not giving the event permissions to do whatever you need it to do.
This one is right in the event rule documentation… but only in the examples… Go to Cloudformation Event Rule Documentation and scroll down to examples. All of the examples come paired with a policy or permission.
When you make an event in the console this is done automatically
The examples do a good job of pointing this out.
ScheduledRule: ### Create a Rule
Type: AWS::Events::Rule
Properties:
Description: "ScheduledRule"
ScheduleExpression: "rate(10 minutes)" ### SET A SCHEDULE
State: "ENABLED"
Targets: ### THE THING YOU WANT THE EVENT TO WORK WITH
-
Arn:
Fn::GetAtt:
- "LambdaFunction"
- "Arn"
Id: "TargetFunctionV1"### THE PART YOU MAY NOT KNOW YOU NEEDPermissionForEventsToInvokeLambda: ### NEED TO GIVE IT PERMISSION
Type: AWS::Lambda::Permission
Properties:
FunctionName: ### THIS EXAMPLE IS WITH A LAMBDA
Ref: "LambdaFunction"
Action: "lambda:InvokeFunction"
Principal: "events.amazonaws.com"
SourceArn:
Fn::GetAtt:
- "ScheduledRule" ### THE EVENT RULE DEFINED ABOVE
- "Arn" ### GET IT's AMAZON RESOURCE NAME
This is a pretty easy mistake to make because you can create the event rule in cloudformation without the permission. The rule will exist and it’ll look like it’s going to run. This was a problem for us today because we assumed this thing was running for months. And every month this event triggered something important, not so important we cared every month to look. And then we looked and it had done nothing — you can guess that’s not good. Fortunately someone who left created this event without permissions. No one is mad directly at me, or not so much I care. I can’t reasonably say I should have done this right because I didn’t even know this was something we needed to do every month let alone that it was broken.
