I have code that dynamically creates scheduled CloudWatch Event rules, which are supposed to invoke a lambda function. This means that there is no static rule that is set up to invoke the lambda; instead, rules are created and removed as needed.
When setting this up manually through the AWS console I have no issues - the lambda function is displayed without any trigger, but implicitly the console created a resource-based function policy for my lambda function with lambda:InvokeFunction from the source principal events.amazonaws.com.
However, when setting this up through Serverless, I first tried leaving the event: parameter empty for my function. CloudWatch Event rules are created fine, with the lambda function as target seemingly looking OK, but they will silently fail to be invoked due to the function not having any resource-based policy matching the event.
Then I tried adding a cloudWatchEvent event to the function event parameter, but that ended up creating a static CloudWatch Event rule and attaching a resource-based policy for it to my lambda function. The policy has a Condition: ArnLike: AwsSourceArn: . This doesn’t help me as I want my function to be invokable by my dynamically created rules.
How can I set Serverless up to create my lambda function, not set any trigger for it, but give it a resource-based policy so that it can be triggered by CloudWatch Event rules that don’t exist at deploy time (any events:* would be fine)? Is there any way to explicitly define a resource-based function policy, or can it only be defined implicitly through the list of events for a function?
Or do I have to do this in two steps, so that my function is always triggered by one static event, which in turn can be triggered by the dynamically added events instead of them directly triggering the function?
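
One way to declare the function policy explicitly, shown as an added example that is not part of the original post: a serverless.yml whose `resources` section carries a raw CloudFormation `AWS::Lambda::Permission`. The service name, function name, handler, runtime and the `dyn-schedule-` rule-name prefix are assumptions, and `WorkerLambdaFunction` relies on the framework's convention of naming a function's logical ID after the capitalized function key plus `LambdaFunction`.

```yaml
# Added example; all names below are hypothetical.
service: dynamic-schedules

provider:
  name: aws
  runtime: python3.12

functions:
  worker:
    handler: handler.run
    # No `events:` list: the framework creates no static rule and
    # therefore no implicit resource-based policy for this function.

resources:
  Resources:
    # Explicit resource-based policy statement on the function.
    WorkerInvokeFromDynamicRules:
      Type: AWS::Lambda::Permission
      Properties:
        FunctionName:
          Fn::GetAtt: [WorkerLambdaFunction, Arn]
        Action: lambda:InvokeFunction
        Principal: events.amazonaws.com
        # Lambda evaluates SourceArn with ArnLike, so a wildcard matches
        # rules that do not exist at deploy time. Scoping it to this
        # account, this region and one rule-name prefix keeps rules in
        # other accounts, or unrelated rules in this one, from being
        # able to invoke the function. Omitting SourceArn entirely would
        # allow any EventBridge rule in any account to target it.
        SourceArn:
          Fn::Sub: arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/dyn-schedule-*
```

The code that creates rules at runtime then has to name them with the same prefix, and its own IAM role can be limited to `events:PutRule` and `events:PutTargets` on that same ARN pattern.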