Hey Pulumi I have a problem with subscribing Lambda to a SNS Pulumi Community #aws

Hey Pulumi! I have a problem with subscribing Lamb...

boundless-farmer-38967

09/02/2022, 11:15 AM

Hey Pulumi! I have a problem with subscribing Lambda to a SNS topic. I think I have all the components for that to happen, in fact I also see the Lambda subscribed, but when I publish messages to the topic it won't trigger the Lambda. Here are the important bits:

Copy code

//lambda role
const lambdaHandlerRole = new paws.iam.Role(`${projectToken}-data-topic-lambda-role`, {
    assumeRolePolicy: {
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Principal: {
                Service: "<http://lambda.amazonaws.com|lambda.amazonaws.com>",
            },
            Effect: "Allow",
            Sid: "",
        }],
    },
});
new paws.iam.RolePolicyAttachment(`${projectToken}-role-attach`, {
    role: lambdaHandlerRole,
    policyArn: paws.iam.ManagedPolicies.AWSLambdaExecute,
});

//SNS topic
const topic = new paws.sns.Topic(`${projectToken}-data-topic`);

//Lambda - code loaded from a sub-dir
const badgerFunc = new paws.lambda.Function(`${projectToken}-data-sender-badger`, {
    code: new pulumi.asset.AssetArchive({
        ".": new pulumi.asset.FileArchive("./lambda/badger"),
    }),
    runtime: "nodejs16.x",
    handler: "index.handler",
    role: lambdaHandlerRole.arn,
});

//Subscribe lambda to SNS
new paws.sns.TopicSubscription(`${projectToken}-badger`, {
    topic: topic.arn,
    protocol: "lambda",
    endpoint: badgerFunc.arn,
});

What I already checked: 1. Run lambda to ensure it's properly set up 2. Manually subscribe the deployed lambda and confirm it triggers on new message 3. Subscribed my email to the same topic to ensure it indeed publishes messages It has to be something in the above set up, but there's no document anywhere with a complete example for subscribing a lambda to a topic. Thanks!

boundless-farmer-38967

09/02/2022, 11:44 AM

See screenshot - here's the subscribed lambda, as it seems all looks good. But I have noticed that in the console in the Lambda page, there's no trigger for that Lambda. And when I manually subscribed the Lambda (in the SNS console) the result was an override of this subscription (not a new one) and that also added the trigger in the Lambda. And it all worked well then.

victorious-church-57397

09/02/2022, 1:20 PM

I think you need to add an event source trigger for the lambda from the sns topic, I don't think a subscription is enough

boundless-farmer-38967

09/02/2022, 3:26 PM

@victorious-church-57397 thanks for the tip. I was under the impression that event sources were not for SNS. How do I add SNS as an event source?

victorious-church-57397

09/02/2022, 3:27 PM

Ah, it might be a lambda permission maybe? I can't see anything there to say sns can invoke it

victorious-church-57397

09/02/2022, 3:31 PM

Copy code

new aws.lambda.Permission('sns-event-trigger-permission', {
    action: 'lambda:InvokeFunction',
    principal: '<http://sns.amazonaws.com|sns.amazonaws.com>',
    function: badgerFunc.arn,
    sourceArn: topic.arn,
});

victorious-church-57397

09/02/2022, 3:31 PM

something like that ^ should solve it

boundless-farmer-38967

09/02/2022, 11:36 PM

@victorious-church-57397 you nailed it!! Man, thanks a lot! I spent on this a couple of hours! 🙂 Definitely earned your weekend!!

victorious-church-57397

09/03/2022, 9:53 AM

No probs mate! I was stuck on same thing a couple months ago! Glad I could help :)

🙏 1

2 Views

Open in Slack

Previous Next