Hi AWS Cloudformation guys!

I need to attach an existing role to the lambda function i am creating.

AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Parameters:
  LambdaRoleName:
    Default: ExistingRoleCreatedInAwsAccount
    Type: String
Resources:
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.9
      Timeout: 5
      Handler: lambda_function.handler
      Role: !Ref ExistingRoleCreatedInAwsAccount
      Code:
        S3Bucket: 'lambda-bucket-abi'
        S3Key: 'lambdaupload.zip'

  ScheduledRule:
    Type: AWS::Events::Rule
    Properties:
      Description: "ScheduledRule"
      ScheduleExpression: "rate(5 minutes)"
      State: "ENABLED"
      Targets:
        - Arn:
            Fn::GetAtt:
              - "LambdaFunction"
              - "Arn"
          Id: "TargetFunctionV1"
  PermissionForEventsToInvokeLambda:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref "LambdaFunction"
      Action: "lambda:InvokeFunction"
      Principal: "events.amazonaws.com"
      SourceArn:
        Fn::GetAtt:
          - "ScheduledRule"
          - "Arn"

Thanks in Advance!

CodePudding user response：

You seem to be on the right track, what's going wrong?

Your parameter is called 'LambdaRoleName'. Please be aware that it should be the role its ARN that you pass.

So when you deploy the stack, pass the role arn to the parameter:

aws cloudformation deploy --template-file your-template.yaml --stack-name your-stack-name --parameter-overrides LambdaRoleName=arn:aws:iam::123456789012:role/your-role --region eu-west-1

or change the default value to the role ARN:

Parameters:
  LambdaRoleName:
    Default: arn:aws:iam::123456789012:role/your-role
    Type: String

CodePudding user response：

It should be:

Role: !Ref LambdaRoleName

rather then

Role: !Ref ExistingRoleCreatedInAwsAccount