
I have been facing a problem triggering a Lambda from a CloudWatch rule with an event pattern created from Terraform.

Below is my terraform code:

```hcl
resource "aws_cloudwatch_event_rule" "event_rule_pattern" {
    name = "test-event-rule"
    description = "${var.description}"
    role_arn            = "${var.execution_role}"
    event_pattern = <<PATTERN
     {
      "source": [
        "aws.ecs"
      ],
      "detail-type": [
        "ECS Task State Change"
      ],
      "detail": {
        "lastStatus": [
          "STOPPED"
        ],
        "taskDefinitionArn": [
          "${data.aws_ssm_parameter.task_arn.value}"
        ]
      }
    }
  PATTERN
    tags = "app"
}

resource "aws_cloudwatch_event_target" "event_target_pattern" {
    rule = "${element(aws_cloudwatch_event_rule.event_rule_pattern.*.name, 0)}"
    arn       = "${data.aws_ssm_parameter.special_alert_arn.value}"
}
```

The above CloudWatch rule is meant to trigger a Lambda on completion of an ECS task. So far it is able to trigger the CloudWatch event at completion of the ECS task, but it fails to invoke the Lambda.

Failure Image

After the failure I checked in the AWS console, just re-saved the CloudWatch rule from the console, and it started working.

So I'm not sure, but it looks like Terraform is not able to configure the CloudWatch rule target properly, or I have done something wrong on my side.

Can some Terraform/AWS expert please help with this?

pulin dani
  • You need to add the permissions to allow Cloudwatch Events to invoke your Lambda function with the [`aws_lambda_permission` resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) – ydaetskcoR Jul 30 '20 at 15:59
  • Does https://stackoverflow.com/a/35895316/2291321 answer your question? – ydaetskcoR Jul 30 '20 at 16:00
  • Yes, it worked now, I missed aws_lambda_permission. – pulin dani Jul 31 '20 at 16:50
  • I am also facing the same error, but I am sending the event to SNS and the invocation is failing, but when I re-saved the event pattern it started working. – Khushboo Kumari Aug 18 '21 at 11:31
  • For me, I was missing the `aws_sqs_queue_policy` that allowed my EventBridge `event_pattern` rule to filter messages to SQS. To be clear, the `aws_sqs_queue_policy` required the ARN of my `aws_cloudwatch_event_rule` for the resource of my `aws_sqs_queue`. Originally, we were re-saving our EventBridge rule, because that allowed events to be filtered and had no idea why the pattern wasn't working when initially created. – Micah Parks Dec 16 '21 at 14:32

0 Answers
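
The fix the comments point to, written out as an added Terraform example (not code from the question or from any commenter): the target's resource-based policy has to allow `events.amazonaws.com`, and scoping it to the rule's ARN keeps other rules from using the same grant. The resource labels, statement IDs and `aws_sqs_queue.alerts` are hypothetical; the rule and the SSM parameter are the ones from the question.

```hcl
# Added example; names marked "hypothetical" are not from the original post.

# Lambda target: let EventBridge (CloudWatch Events) invoke the function,
# but only when the call originates from this specific rule.
resource "aws_lambda_permission" "allow_event_rule" {
  statement_id  = "AllowExecutionFromEventRule" # hypothetical statement ID
  action        = "lambda:InvokeFunction"
  function_name = data.aws_ssm_parameter.special_alert_arn.value # Lambda ARN used as the target in the question
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.event_rule_pattern.arn
}

# SQS target (the case described in the last comment).
resource "aws_sqs_queue" "alerts" {
  name = "ecs-task-alerts" # hypothetical queue
}

data "aws_iam_policy_document" "events_to_sqs" {
  statement {
    sid       = "AllowSendFromEventRule" # hypothetical statement ID
    effect    = "Allow"
    actions   = ["sqs:SendMessage"]
    resources = [aws_sqs_queue.alerts.arn]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    # Without this condition any rule in any account could send to the queue.
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_cloudwatch_event_rule.event_rule_pattern.arn]
    }
  }
}

resource "aws_sqs_queue_policy" "events_to_sqs" {
  queue_url = aws_sqs_queue.alerts.id
  policy    = data.aws_iam_policy_document.events_to_sqs.json
}
```

Re-saving the rule in the console appears to fix the problem because the console adds the target permission itself, while Terraform only creates what is declared. After `terraform apply`, `aws lambda get-policy --function-name <function>` should show the new statement with the rule ARN as its source condition.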