Why wasn't my Lambda function triggered by my CloudWatch Events rule?

Last updated: 2020-11-19

I created an Amazon CloudWatch Events rule using the AWS Command Line Interface (AWS CLI), API, or AWS CloudFormation. However, the target AWS Lambda function is not getting invoked. When I create or update the same CloudWatch Events rule through the AWS Management Console, the rule works correctly. How can I troubleshoot this?

Short description

When you create a CloudWatch Events rule with a Lambda function as the target using the AWS Management Console, the appropriate permissions are automatically added in the resource-based policy of the function. When you create the same rule through the AWS CLI, API, or AWS CloudFormation, you must add permissions in the resource policy to allow events.amazonaws.com to invoke the Lambda function.


Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.

Review the "Invocations" and "FailedInvocations" metrics for the CloudWatch Events rule

Under the AWS/Events namespace, check the "Invocations" and "FailedInvocations" metrics for the CloudWatch Events rule. If both metrics have data points, the CloudWatch Events rule tried to invoke the target, but the invocation failed. Because the "FailedInvocations" metric doesn't include any retried invocations, you must correct the permissions issue or misconfiguration on the target.

Determine if the appropriate permissions have been added for CloudWatch Events in the resource-based policy of the Lambda function

Open the AWS Lambda console, and then select the target function. Choose Permissions, and then confirm that you have the appropriate permissions configured.

Or, check the resource-based policy of the function using the GetPolicy command. In the output of the command, look for events.amazonaws.com listed as a trusted entity in the policy. If you can't find events.amazonaws.com, add the permission using the AddPermission command. Set the principal to events.amazonaws.com. For example:

aws lambda add-permission --function-name MyFunction --statement-id MyId --action 'lambda:InvokeFunction' --principal events.amazonaws.com --source-arn arn:aws:events:us-east-1:123456789012:rule/MyRule

Note: Be sure to replace the function and Amazon Resource Name (ARN) values with the corresponding values for your function and ARN.
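To automate the GetPolicy check described above, the following added example (not part of the original article or an AWS tool) parses the policy document and reports whether events.amazonaws.com can invoke the function for a given rule, and whether that grant is pinned to the rule by an AWS:SourceArn condition. The function names, the sample policy, and the function ARN in it are constructed for illustration, and wildcard matching with fnmatch only approximates how ArnLike is evaluated.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample: the shape of the Policy field that GetPolicy returns after
# the add-permission call above (the function ARN is an assumed value).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "MyId",
        "Effect": "Allow",
        "Principal": {"Service": "events.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
        "Condition": {"ArnLike": {
            "AWS:SourceArn": "arn:aws:events:us-east-1:123456789012:rule/MyRule"}},
    }],
})

def _as_list(value):
    """Policy fields may hold one string or a list of strings."""
    if isinstance(value, list):
        return value
    return [] if value is None else [value]

def _source_arns(stmt):
    """Collect the aws:SourceArn patterns from positive match operators."""
    found = []
    for op, keys in (stmt.get("Condition") or {}).items():
        if op in ("ArnLike", "ArnEquals", "StringLike", "StringEquals"):
            for key, value in keys.items():
                if key.lower() == "aws:sourcearn":  # condition keys are case-insensitive
                    found.extend(_as_list(value))
    return found

def check_events_permission(policy_json, rule_arn):
    """Return 'unscoped' (any rule may invoke), 'scoped' or 'missing'."""
    result = "missing"
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if (stmt.get("Effect") != "Allow" or "events.amazonaws.com" not in services
                or not any(fnmatchcase("lambda:invokefunction", a) for a in actions)):
            continue
        arns = _source_arns(stmt)
        if not arns:
            return "unscoped"  # grant is not restricted to a particular rule
        if any(fnmatchcase(rule_arn, pattern) for pattern in arns):
            result = "scoped"
    return result
```

A result of 'missing' corresponds to the case where the rule records FailedInvocations; 'unscoped' means the rule will work but the statement was added without a source ARN.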
