I have the following function definition:
Collects new records from orders table and saves them in GOB format on S3
Sends the file to Slack
Updates state of all fetched records to downloaded
- Effect: Allow
Resource: [!GetAtt orders.Arn, !Join [ '/', [!GetAtt orders.Arn, index/*]]]
ORDERS_TABLENAME: !Ref orders
UPLOAD_BUCKET: !Ref UploadBucket
rate: rate(5 minutes)
if i execute the lambda from the console, it works fine, but the schedule does not seem to be triggering, what am I missing?
any advice is much appreciated.
Initial guess would be that the IAM role you have assumed when logged in via the console has more privileges than than IAM role you’re creating in the serverless.yml.
If you want to save the orders
in GOB format on S3 then the lambda will need write access to S3, something like Here
The function has read/write access to S3. The shared snipped only contains configuration specific to this function but since the bucket was being shared with a lot of other functions, We added permission for that in provider section in
serverless.yml. The attached configuration is just imported in
All this function needs was, s3:putObject, s3:getObject, dynamodb:Query, dynamodb:UpdateItem and we have added all the permissions.
The only problem we are facing right now is, This function doesn’t executes automatically at the given intervals.
It works perfectly fine when I go into the Lambda console, Create a test event and try to run it using the test event.
I’m still inclined to think it’s an IAM permissions issue, the lambda may not have permission to invoke itself, I found an answer on StackOverflow which may help you here.
So, I read up a little bit on how this particular bit in serverless works and learned it creates cloudwatch event rules and binds the rules with the function that needs to be executed.
Then, I found the interface where I can check existing rules and serverless is not even adding cloudwatch event rules which is why the function is not triggering automatically.
I tried deploying in Debug mode and I get no warnings or any indication as to what may be going wrong here.
Also, To test your suggestion, I added
lambda:InvokeFunction permission in the provider section to all the resources in my project and that didn’t help.
Now, I am trying to figure out why won’t it add cloudwatch event rules.
I checked the lambdas I have access to and found one which is shceduled every 5 minutes using rate() and the iam role for it has the following actions for resource for resources:
Hope this helps.
Are there any Cloudwatch logs for the execution of the Lambda?
it was an alignment issue in the attached configuration in original post. serverless never gave us a warning to help us understand what was wrong and only really figured it out after hours of hit and trial.
No way, Good investigating! At least you’ll know to check that in the future… and so will I and anyone else who reads this thread.