Why wasn't my Lambda function triggered by my EventBridge rule?

I want to troubleshoot why the Amazon EventBridge rule that I created doesn’t invoke my AWS Lambda function.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Review Amazon CloudWatch metrics for the EventBridge rule

Complete the following steps:

  1. Open the CloudWatch console.
  2. From the navigation pane, under Metrics, choose All Metrics.
  3. Choose the AWS/Events namespace.
  4. Choose the TriggeredRules, Invocations, and FailedInvocations metrics for the rule. If necessary, view the metrics with the SUM statistic.
    Note: If the metrics include FailedInvocations data points, then the rule might have failed to invoke the target. For more information, see EventBridge metrics.

Confirm that the Lambda function's resource policy has the appropriate permissions

When you use the EventBridge console to create the rule, the console automatically adds the appropriate permissions to the function's resource-based policy. When you use the AWS CLI, an AWS SDK, or AWS CloudFormation to create a rule, you must manually add the permissions to the function's resource-based policy. These permissions allow the EventBridge service to invoke the Lambda function.

Review the permissions associated with the target Lambda function

Complete the following steps:

  1. Open the Lambda console.
  2. Select the target Lambda function.
  3. Choose the Configuration tab, and then choose Permissions.
  4. Under the Resource-based policy section, review the policy document.
    Note: Alternatively, to retrieve the Lambda function's resource policy, use the GetPolicy API or the get-policy AWS CLI command with the appropriate inputs.

The following resource policy example allows EventBridge to invoke the Lambda function:

{
  "Effect": "Allow",
  "Action": "lambda:InvokeFunction",
  "Resource": "arn:aws:lambda:region:account-id:function:function-name",
  "Principal": {
    "Service": "events.amazonaws.com"
  },
  "Condition": {
    "ArnLike": {
      "AWS:SourceArn": "arn:aws:events:region:account-id:rule/rule-name"
    }
  },
  "Sid": "InvokeLambdaFunction"
}

Note: Replace the Resource value with the Lambda function ARN and the AWS:SourceArn value with the rule ARN.

Update the resource policy

Complete the following steps:

  1. Open the Lambda console.
  2. Choose the target Lambda function.
  3. Choose the Configuration tab, and then select Permissions.
  4. In the Resource-based policy section, choose Add permissions.
  5. Choose AWS Service - EventBridge.
  6. (Optional) For Statement ID, enter an identifier for your policy statement.
  7. For Principal, use events.amazonaws.com.
  8. For Source ARN, enter the ARN of the EventBridge rule.
  9. For Action, select lambda:InvokeFunction from the dropdown list.
  10. Choose Save.

To update the policy, you can also use the AddPermission API. Or, run an add-permission AWS CLI command similar to the following example:

aws lambda add-permission \
--function-name MyFunction \
--statement-id MyId \
--action 'lambda:InvokeFunction' \
--principal events.amazonaws.com \
--source-arn arn:aws:events:us-east-1:123456789012:rule/MyRule
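
To check a retrieved policy against a specific rule ARN, the following added example (not part of the original article or of any AWS tool) evaluates the Policy string that get-policy returns and reports why a rule is or isn't covered, including a grant that has no SourceArn condition at all. The function name check_rule_permission and the sample policy are constructed for illustration, and the wildcard matching is a simplification of ArnLike.

```python
import json
import re

def _as_list(value):
    return value if isinstance(value, list) else [value]
def _like(pattern, value):
    # Simplified ArnLike: * matches any run, ? one character (IAM matches per ARN component).
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def check_rule_permission(policy_json, function_arn, rule_arn):
    """Return (allowed, findings) for one EventBridge rule invoking one function."""
    allowed, findings = False, []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if (stmt.get("Effect") != "Allow" or "events.amazonaws.com" not in services
                or not any(_like(a, "lambda:invokefunction") for a in actions)):
            continue  # not a statement that lets EventBridge invoke
        if not any(_like(r, function_arn) for r in _as_list(stmt.get("Resource", []))):
            findings.append(f"{sid}: Resource does not match {function_arn}")
            continue
        # Condition operator and key names are compared case-insensitively.
        source_arns = [arn for op, keys in stmt.get("Condition", {}).items()
                       if op.lower() in ("arnlike", "arnequals")
                       for key, val in keys.items() if key.lower() == "aws:sourcearn"
                       for arn in _as_list(val)]
        if not source_arns:
            allowed = True
            findings.append(f"{sid}: no aws:SourceArn condition, grant is not limited to one rule")
        elif any(_like(p, rule_arn) for p in source_arns):
            allowed = True
        else:
            findings.append(f"{sid}: SourceArn {source_arns} does not match {rule_arn}")
    return allowed, findings

# Constructed sample: the statement that the add-permission example above would create.
FUNCTION_ARN = "arn:aws:lambda:us-east-1:123456789012:function:MyFunction"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "MyId", "Effect": "Allow", "Action": "lambda:InvokeFunction",
    "Principal": {"Service": "events.amazonaws.com"}, "Resource": FUNCTION_ARN,
    "Condition": {"ArnLike": {"AWS:SourceArn": "arn:aws:events:us-east-1:123456789012:rule/MyRule"}}}]})

if __name__ == "__main__":
    for name in ("MyRule", "OtherRule"):
        rule_arn = f"arn:aws:events:us-east-1:123456789012:rule/{name}"
        print(name, check_rule_permission(SAMPLE_POLICY, FUNCTION_ARN, rule_arn))
```

A mismatch finding for the rule you expect to fire means the permission was added for a different rule ARN or for a different function qualifier than the one the rule targets.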

Add an Amazon SQS DLQ to the target

EventBridge uses dead-letter queues (DLQs) on Amazon Simple Queue Service (Amazon SQS) to store events that couldn't be delivered to a target. Attach an SQS DLQ to the target that reports FailedInvocations. To get more context on the issue, retrieve the events from the DLQ. You can then send the failed events to the target again for processing.

Complete the following steps:

  1. Open the relevant rule in the EventBridge console.
  2. Under Targets, select Edit, and then expand the Additional settings section.
  3. Under Dead-letter queue, choose Select an Amazon SQS queue in the current AWS account to use as the dead-letter queue.
  4. Choose an SQS queue to use as the DLQ.
  5. After you assign the DLQ, review and save your changes.

Related information

My rule ran but my Lambda function wasn't invoked

AWS Lambda permissions

Using dead-letter queues to process undelivered events in EventBridge

Improved failure recovery for Amazon EventBridge