Cloudwatch Event Rule does not trigger Lambda #19080

Closed
vibhuyadav opened this issue Oct 15, 2018 · 2 comments

vibhuyadav commented Oct 15, 2018

Terraform Version

Terraform v0.11.8

Terraform Configuration Files

data "archive_file" "lambda_zip" {
  type        = "zip"
  source_dir  = "slack"
  output_path = "./slack/lambda.zip"
}

resource "aws_lambda_function" "cwe2slack_lambda" {
  filename         = "./slack/lambda.zip"
  source_code_hash = "${data.archive_file.lambda_zip.output_base64sha256}"

  function_name = "cwe2slack_lambda"
  description   = "Cloudwatch Event to Slack Lambda function"

  handler = "slack_lambda.handler"
  runtime = "nodejs8.10"

  role = "${aws_iam_role.cwe2slack_lambda_service_role.arn}"

  environment {
    variables = {
      abcd = "xxxxxxx"
    }
  }
}

resource "aws_iam_role_policy" "cwe2slack_lambda_service_policy" {
  name = "test_policy"
  role = "${aws_iam_role.cwe2slack_lambda_service_role.id}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "codebuild:BatchGet*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:logs:*:*:*"
    }
  ]
}
EOF
}

resource "aws_iam_role" "cwe2slack_lambda_service_role" {
  name = "cwe2slack_lambda_service_role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_lambda_permission" "allow_cloudwatch_to_call_cwe2slack_lambda" {
    statement_id = "AllowExecutionFromCloudWatch"
    action = "lambda:InvokeFunction"
    function_name = "${aws_lambda_function.cwe2slack_lambda.function_name}"
    principal = "events.amazonaws.com"
    depends_on = [
      "aws_cloudwatch_event_rule.build_state_change", "aws_cloudwatch_event_target.notification"
    ]
    source_arn = "${aws_cloudwatch_event_rule.build_state_change.arn}"
}

resource "aws_cloudwatch_event_rule" "build_state_change" {
    name        = "codebuild_to_cloudwatch"
    description = "Capture state change of CodeBuild projects and send out to Slack Lambda"
    depends_on = [
      "aws_lambda_function.cwe2slack_lambda"
    ]
    event_pattern = <<PATTERN
    {
        "detail-type:": [
            "CodeBuild Build State Change"
        ],
        "source": [
            "aws.codebuild"
        ]
    }
    PATTERN
}

resource "aws_cloudwatch_event_target" "notification" {
    target_id   = "SendToSlack"
    rule        = "${aws_cloudwatch_event_rule.build_state_change.name}"
    arn         = "${aws_lambda_function.cwe2slack_lambda.arn}"
}

Expected Behavior

Should create a Cloudwatch Rule which triggers a Lambda which in fact sends Codebuild notification to a Slack group.

Actual Behavior

The infrastructure is created but the Cloudwatch Rule isn't triggering the Lambda. When I create the Cloudwatch Rule through the console I see it behaving properly.

Steps to Reproduce

  1. terraform init
  2. terraform apply
    Optionally - Create a CodeBuild Project and connect it with any SCM or S3 and start a build. You could also use the example payload and pass it directly to CloudWatch event

References
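
An added check, not part of the original issue or of Terraform: it pulls the `event_pattern` heredoc out of a Terraform file, flags top-level keys that are not fields of the AWS event envelope, and tests the pattern against a sample event. The matcher handles exact-value matching only, the sample event is constructed, and stripping the trailing colon from the key is an assumption about the intended pattern.

```python
import json
import re

# Top-level fields of the AWS event envelope.
ENVELOPE_FIELDS = {"version", "id", "detail-type", "source", "account",
                   "time", "region", "resources", "detail"}
HEREDOC = re.compile(r"event_pattern\s*=\s*<<-?(\w+)\n(.*?)\n\s*\1\b", re.S)

# Constructed sample: the rule's pattern with the keys as posted in the issue.
POSTED_TF = '''
resource "aws_cloudwatch_event_rule" "build_state_change" {
    event_pattern = <<PATTERN
    {
        "detail-type:": ["CodeBuild Build State Change"],
        "source": ["aws.codebuild"]
    }
    PATTERN
}
'''
# Constructed sample: a minimal CodeBuild state-change event.
SAMPLE_EVENT = {"detail-type": "CodeBuild Build State Change",
                "source": "aws.codebuild", "detail": {"build-status": "FAILED"}}

def extract_patterns(tf_text):
    """Return every event_pattern heredoc in the Terraform text as a dict."""
    return [json.loads(body) for _, body in HEREDOC.findall(tf_text)]

def unknown_keys(pattern):
    """Top-level pattern keys that name no field of the event envelope."""
    return sorted(k for k in pattern if k not in ENVELOPE_FIELDS)

def matches(pattern, event):
    """Simplified matcher: every pattern key must exist in the event; a list
    holds alternative exact values; a nested object recurses."""
    for key, want in pattern.items():
        if key not in event:
            return False
        have = event[key]
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        elif not any(v in want for v in (have if isinstance(have, list) else [have])):
            return False
    return True

if __name__ == "__main__":
    for p in extract_patterns(POSTED_TF):
        fixed = {k.rstrip(":"): v for k, v in p.items()}  # assumed intended keys
        print(unknown_keys(p), matches(p, SAMPLE_EVENT), matches(fixed, SAMPLE_EVENT))
```

Run against a real `.tf` file by passing its contents to `extract_patterns`; any key reported by `unknown_keys` is worth comparing with the pattern the console generates for the same rule.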

@vibhuyadav
Author

Closing! Magically works now, AWS must have fixed something behind the scenes.


ghost commented Apr 1, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 1, 2020