Lambda S3 problem - Fn::GetAtt

Hi guys, I have some problems creating one lambda.
This lambda has an event for notification when some file is created inside the bucket.
The problem is that when I try to create the policy using Fn::GetAtt, it gives me this error all the time:

The CloudFormation template is invalid: Template error: instance of Fn::GetAtt references undefined resource myfunctionnewLambdaFunction

This is my serverless.yml:

service: my-function-new
package:
  individually: true
provider:
  name: aws
  stage: ${opt:stage, 'dev'}


functions:
  myfunctionnew:
    handler: main.lambda_handler
    name: my-function-new-${self:provider.stage}
    timeout: 900
    memorySize: 10240
    events:
      - s3:
          bucket: source-bucket-prod.example.com
          event: s3:ObjectCreated:*
          rules:
            - prefix: new-2022/
            - suffix: .TXT
          existing: true
    role: myfunctionnew
    vpc: ${self:custom.${self:provider.stage}.vpcConfig}
    environment: ${self:custom.${self:provider.stage}.env}
    runtime: python3.8
    layers: ${self:custom.${self:provider.stage}.layer,null}

resources:
  Resources:
    myfunctionnew:
      Type: AWS::IAM::Role
      Properties:
        RoleName: ${self:functions.myfunctionnew.name}-role
        ManagedPolicyArns:
          - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: ${self:functions.myfunctionnew.name}-policy
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - "s3:*"
                    - "s3-object-lambda:*"
                    - "ec2:DescribeVpcEndpoints"
                    - "ec2:DescribeRouteTables"
                    - "ec2:CreateNetworkInterface"
                    - "ec2:DeleteNetworkInterface"
                    - "ec2:DescribeNetworkInterfaces"
                    - "ec2:DescribeSecurityGroups"
                    - "ec2:DescribeSubnets"
                    - "ec2:DescribeVpcAttribute"
                    - "ec2:DescribeVpcs"
                  Resource: "*"

    myfunctionnewLambdaPermissionTriggeredBucketS3:
      Type: AWS::Lambda::Permission
      DependsOn:
        - myfunctionnewLambdaFunction
      Properties:
        FunctionName: !GetAtt myfunctionnewLambdaFunction.Arn
        Action: lambda:InvokeFunction
        Principal: s3.amazonaws.com
        SourceAccount: 0112049999999
        SourceArn: arn:aws:s3:::source-bucket-prod.example.com

custom:
  stage: ${file(./stage.yml)}
  prod: ${file(./prod.yml)}

Thx
BR

Fixed…
The solution is really simple:

    myfunctionnewLambdaPermissionTriggeredBucketS3:
      Type: AWS::Lambda::Permission
      DependsOn:
        - MyfunctionnewLambdaFunction
      Properties:
        FunctionName: !GetAtt MyfunctionnewLambdaFunction.Arn
        Action: lambda:InvokeFunction
        Principal: s3.amazonaws.com
        SourceAccount: '0112049999999'
        SourceArn: arn:aws:s3:::source-bucket-prod.example.com

Thx

Hello @sanroll

Your fix is not clear. The change I see is the capital first character, but I don’t see the real function name MyfunctionnewLambdaFunction in the functions above. Is that a mistake?

I’m also facing the issue. The problem is that my function is named like this: ‘my-new-function’. I think it is interpreted as ‘MyNewFunction’, but it is still not working.

Any idea about it?

Thanks
Yougesh
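
Added example (not part of the thread, and not the Serverless Framework's own code): the framework generates each function's CloudFormation logical ID from its key under `functions:` by replacing `-` with `Dash` and `_` with `Underscore`, upper-casing the first character and appending `LambdaFunction`. The sketch below re-implements that rule and checks `DependsOn` / `Fn::GetAtt` targets against it. The helper names and the sample template object are constructed for illustration.

```javascript
// Re-implementation of the Serverless Framework naming rule for Lambda
// logical IDs (written for this example, not copied from the framework).
function lambdaLogicalId(functionKey) {
  const normalized = functionKey.replace(/-/g, 'Dash').replace(/_/g, 'Underscore');
  return normalized.charAt(0).toUpperCase() + normalized.slice(1) + 'LambdaFunction';
}

// Collect every logical ID referenced through DependsOn or Fn::GetAtt.
// The template is a parsed object; "!GetAtt X.Arn" parses to {'Fn::GetAtt': 'X.Arn'}.
function referencedIds(node, out = new Set()) {
  if (Array.isArray(node)) {
    node.forEach((item) => referencedIds(item, out));
  } else if (node && typeof node === 'object') {
    for (const [key, value] of Object.entries(node)) {
      if (key === 'Fn::GetAtt') {
        out.add(Array.isArray(value) ? value[0] : String(value).split('.')[0]);
      } else if (key === 'DependsOn') {
        [].concat(value).forEach((id) => out.add(id));
      } else {
        referencedIds(value, out);
      }
    }
  }
  return out;
}

// Report references that match neither a custom resource nor a generated
// function ID. Only generated Lambda function IDs are modelled here; the
// framework also creates other resources (log groups, versions, ...).
function undefinedReferences(functionKeys, resources) {
  const defined = new Set([...Object.keys(resources), ...functionKeys.map(lambdaLogicalId)]);
  return [...referencedIds(resources)].filter((id) => !defined.has(id)).sort();
}

// Constructed input mirroring the resources section from the thread.
const sampleResources = (target) => ({
  myfunctionnew: { Type: 'AWS::IAM::Role' },
  myfunctionnewLambdaPermissionTriggeredBucketS3: {
    Type: 'AWS::Lambda::Permission',
    DependsOn: [target],
    Properties: { FunctionName: { 'Fn::GetAtt': `${target}.Arn` } },
  },
});

console.log(undefinedReferences(['myfunctionnew'], sampleResources('myfunctionnewLambdaFunction')));
console.log(undefinedReferences(['myfunctionnew'], sampleResources('MyfunctionnewLambdaFunction')));
console.log(lambdaLogicalId('my-new-function'));
```

Running `serverless package` and looking at the generated CloudFormation template in the `.serverless` directory shows the actual logical IDs for a given service.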