I am trying to create an AWS EventBridge rule with a Lambda function set as its target. I can add the rule and the target successfully, but when I try to set the Lambda permissions through RoleArn, the CloudFormation stack deployment fails with the following error: RoleArn is not supported for target arn:aws:lambda:us-east-1:1234567890:function:contacts-lambda-consume-new-customer. (Service: AmazonCloudWatchEvents; Status Code: 400; Error Code: ValidationException; Request ID: xxxxx-ec5d-45e8-b45d-xxxxxx; Proxy: null)
Here is my CloudFormation stack code:

    EventRuleNewCustomer:
      Type: AWS::Events::Rule
      Properties:
        Name: new-customer
        EventBusName: myEventBus
        # RoleArn: !Join ["", ["arn:aws:iam::",!Ref "AWS::AccountId", ":role/my-role"] ] #no error but doesn't add the permissions
        Description: "New customer event rule"
        EventPattern:
          detail-type:
            - "NewCustomer"
        State: "ENABLED"
        Targets:
          -
            Arn: !Join ["", ["arn:aws:lambda:" ,!Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":function:contacts-lambda-consume-new-customer"] ]
            Id: "NewCustomer"
            RoleArn: !Join ["", ["arn:aws:iam::",!Ref "AWS::AccountId", ":role/my-role"] ]

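I have already tried setting RoleArn on the rule itself. That produces no error when the stack is created, but it also does not add the permissions needed to execute the Lambda.

The workaround I am using is to edit the Lambda target in the AWS EventBridge console. This seems to do some magic behind the scenes to add the correct permissions so that EventBridge can execute the Lambda.

Any ideas would be greatly appreciated.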
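
Added example, not part of the original post: EventBridge is authorized to invoke a Lambda target by the function's resource-based policy rather than by an IAM role, and that policy statement is what the console adds when the target is edited there. The template below grants it with AWS::Lambda::Permission, scoped by SourceArn to this one rule; the logical ID EventRuleNewCustomerInvokePermission is an assumed name.

```yaml
# Added example (not the poster's template): same rule, with the invoke
# permission expressed as a Lambda resource-based policy statement.
EventRuleNewCustomer:
  Type: AWS::Events::Rule
  Properties:
    Name: new-customer
    EventBusName: myEventBus
    Description: "New customer event rule"
    EventPattern:
      detail-type:
        - "NewCustomer"
    State: "ENABLED"
    Targets:
      - Arn: !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:contacts-lambda-consume-new-customer"
        Id: "NewCustomer"
        # No RoleArn here: the API rejects it for Lambda targets
        # (the ValidationException quoted in the question).

# Hypothetical logical ID. Adds one statement to the function's resource policy.
EventRuleNewCustomerInvokePermission:
  Type: AWS::Lambda::Permission
  Properties:
    FunctionName: contacts-lambda-consume-new-customer
    Action: lambda:InvokeFunction
    Principal: events.amazonaws.com
    # Least privilege: only this rule may invoke the function. Without
    # SourceArn, any EventBridge rule in any account could be allowed to.
    SourceArn: !GetAtt EventRuleNewCustomer.Arn
```

After deployment, `aws lambda get-policy --function-name contacts-lambda-consume-new-customer` should show a statement whose `AWS:SourceArn` condition matches the rule's ARN.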