mjendza / aws-sandbox

This is my AWS Serverless stack. Built with CDK, NodeJS Lambda, DynamoDB storage.
Apache License 2.0

IAM role to invoke lambda and push message to DLQ #21

Closed mjendza closed 3 years ago

mjendza commented 3 years ago

I can't publish with the CDK and target Lambda for EventBridge

for SQS as DLQ:

queue.addToResourcePolicy(new iam.PolicyStatement({
    actions: ['sqs:SendMessage'],
    resources: [queue.queueArn],
    principals: [new iam.ServicePrincipal('events.amazonaws.com')],
    conditions: {
        'ArnEquals': {'aws:SourceArn': allEventsRule.attrArn}
    }
}));

It works, but I can't publish the policy for Lambda in the same way.

mjendza commented 3 years ago

the DLQ works 👓

mjendza commented 3 years ago

working version with DLQ https://github.com/mjendza/aws-sandbox/pull/22/commits/7453eb2bb8e76c4231dc74bd5e683ed63faaad41

mjendza commented 3 years ago

fixed lambda call with permission

eventStoreHandler.addPermission('invoke-eventStoreHandler', {
    principal: new ServicePrincipal('events.amazonaws.com'),
    sourceArn: allEventsRule.attrArn,
});

https://github.com/mjendza/aws-sandbox/pull/22/commits/dfe35f8957dd4316f70cb8bb472cee43a3014675
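An added example, not code from this issue or from the aws-sandbox repository: a dependency-free check that the two resource policies discussed above (the SQS DLQ policy and the Lambda invoke permission) grant `events.amazonaws.com` only for one specific rule via `aws:SourceArn`. The type, function and sample names are hypothetical, and the ARNs are constructed placeholders.

```typescript
// Added example: audit the JSON form of the two resource policies from this issue.
type OneOrMany = string | string[];
interface PolicyStatement {
    Effect: string;
    Principal: { Service?: OneOrMany };
    Action: OneOrMany;
    Condition?: { [operator: string]: { [key: string]: OneOrMany } };
}
const asList = (v: OneOrMany | undefined): string[] =>
    v === undefined ? [] : typeof v === 'string' ? [v] : v;

// Findings for a statement meant to let one EventBridge rule perform `action`; [] means OK.
function auditEventsGrant(st: PolicyStatement, action: string, ruleArn: string): string[] {
    const findings: string[] = [];
    if (st.Effect !== 'Allow') findings.push('statement is not an Allow');
    if (asList(st.Principal.Service).indexOf('events.amazonaws.com') < 0)
        findings.push('events.amazonaws.com is not a principal');
    if (asList(st.Action).indexOf(action) < 0) findings.push(`missing action ${action}`);
    // Collect aws:SourceArn values under ArnEquals/ArnLike (names are case-insensitive).
    const sourceArns: string[] = [];
    const cond = st.Condition || {};
    for (const op of Object.keys(cond)) {
        if (['arnequals', 'arnlike'].indexOf(op.toLowerCase()) < 0) continue;
        const inner = cond[op] || {};
        for (const key of Object.keys(inner)) {
            if (key.toLowerCase() === 'aws:sourcearn') sourceArns.push(...asList(inner[key]));
        }
    }
    if (sourceArns.length === 0)
        findings.push('no aws:SourceArn condition: grant is not tied to one rule');
    else if (sourceArns.some((a) => a !== ruleArn))
        findings.push('aws:SourceArn is not exactly the expected rule');
    return findings;
}

// Constructed sample values (placeholder account id and rule name).
const sampleRuleArn = 'arn:aws:events:eu-west-1:111122223333:rule/all-events';
const eventsPrincipal = { Service: 'events.amazonaws.com' };
// SQS queue policy statement, as written with addToResourcePolicy in the issue.
const queueGrant: PolicyStatement = { Effect: 'Allow', Principal: eventsPrincipal,
    Action: 'sqs:SendMessage', Condition: { ArnEquals: { 'aws:SourceArn': sampleRuleArn } } };
// Lambda renders a permission's sourceArn as ArnLike on AWS:SourceArn.
const lambdaGrant: PolicyStatement = { Effect: 'Allow', Principal: eventsPrincipal,
    Action: 'lambda:InvokeFunction', Condition: { ArnLike: { 'AWS:SourceArn': sampleRuleArn } } };
// Same permission without sourceArn: deploys, but is not scoped to the rule.
const unscopedGrant: PolicyStatement = { Effect: 'Allow', Principal: eventsPrincipal,
    Action: 'lambda:InvokeFunction' };
console.log(auditEventsGrant(unscopedGrant, 'lambda:InvokeFunction', sampleRuleArn));
```

The statements can be taken from the synthesized template or from the deployed queue and function policies; an empty result means the grant is limited to the expected rule.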