From 2e7e284bc9adbc5a1326c62a9c014d303a022bc0 Mon Sep 17 00:00:00 2001
From: Steve Jansen
Date: Thu, 22 Sep 2016 20:14:42 -0400
Subject: [PATCH] Update aws_lambda_permission for CloudWatch Events

Based on support case with AWS, CloudWatch Events invoking Lambda should also specify the `source_arn`

Example, the resulting policy needs to be like:

```
{
  "Condition": {
    "ArnLike": {
      "AWS:SourceArn": "arn:aws:events:us-east-1:0123456789:rule/my-cloudwatch-events-rule"
    }
  },
  "Action": "lambda:InvokeFunction",
  "Resource": "arn:aws:lambda:us-east-1:0123456789:function:my-lambda-function",
  "Effect": "Allow",
  "Principal": {
    "Service": "events.amazonaws.com"
  },
  "Sid": "AllowMyCloudWatchEventRuleToCallMyLambda"
}
```
---
 .../docs/providers/aws/r/lambda_permission.html.markdown | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/website/source/docs/providers/aws/r/lambda_permission.html.markdown b/website/source/docs/providers/aws/r/lambda_permission.html.markdown
index f471e5324a7f..dddcc5de6cc4 100644
--- a/website/source/docs/providers/aws/r/lambda_permission.html.markdown
+++ b/website/source/docs/providers/aws/r/lambda_permission.html.markdown
@@ -118,6 +118,7 @@ EOF The permission will then apply to the specific qualified ARN. e.g. `arn:aws:lambda:aws-region:acct-id:function:function-name:2` * `source_account` - (Optional) The AWS account ID (without a hyphen) of the source owner. - * `source_arn` - (Optional) When granting Amazon S3 permission to invoke your function, - you should specify this field with the bucket Amazon Resource Name (ARN) as its value. - This ensures that only events generated from the specified bucket can invoke the function. + * `source_arn` - (Optional) When granting Amazon S3 or CloudWatch Events permission to + invoke your function, you should specify this field with the Amazon Resource Name (ARN) + for the S3 Bucket or CloudWatch Events Rule as its value. This ensures that only events + generated from the specified bucket or rule can invoke the function.
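
Review bot: The rewritten `source_arn` bullet says what to set but not what stays open when the field is left out. It is still marked (Optional), and the policy in the commit message shows that the restriction exists only as the `ArnLike` condition on `AWS:SourceArn`, so the text should say that omitting the field leaves the permission unrestricted to any particular bucket or rule. Something like "If omitted, the permission is not limited to a specific bucket or rule" after the last sentence would cover it. It would also help to carry the rule ARN shape into the docs in the same style as the qualified-ARN example two lines up (for instance `arn:aws:events:aws-region:acct-id:rule/rule-name`), since that example currently lives only in the commit message. Minor style point: "S3 Bucket" and "CloudWatch Events Rule" are capitalised in one sentence and written as "bucket or rule" in the next; pick one form.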