https://pulumi.com logo
#typescript
Title
# typescript
b

broad-dog-22463

08/05/2019, 8:47 AM
you need to have an aws_lambda_permission in place to allow access to it
s

stocky-island-3676

08/05/2019, 8:47 AM
@glamorous-waitress-51149 Can you use this thread, please?
I have notifications activated to follow new topics.
g

glamorous-waitress-51149

08/05/2019, 8:49 AM
@broad-dog-22463 cheers, will try ad add that policy
b

broad-dog-22463

08/05/2019, 8:50 AM
sorry @stocky-island-3676
s

stocky-island-3676

08/05/2019, 8:53 AM
Thanks. No worries. I just want to make sure that people won’t stop watching this channel. Keep up talking here. I just will “unfollow this thread”. That’s the better way, isn’t it? 🙂
s

stocky-spoon-28903

08/05/2019, 8:55 AM
@stocky-island-3676 there’s a lot of debate about whether threads actually are better: most large slack orgs ban their use because of accessibility problems.
s

stocky-island-3676

08/05/2019, 9:00 AM
@stocky-spoon-28903 Oh, really? Didn’t know that. What kind of accessibility problems? Actually, some guys in my company don’t use threads much, as well. But that’s the minority. Can you give me a link to one of the debates, please?
g

glamorous-waitress-51149

08/05/2019, 1:35 PM
going back to this. is EventPermission the correct place to look? https://www.pulumi.com/docs/reference/pkg/python/pulumi_aws/cloudwatch/
ok i don’t think it’s this which leaves me stumped
i did try this but, correct me if I’m wrong, the permission json isn’t a policy as there is no Version and Statement properties and also this errors saying it’s invalid json
Copy code
const eventPolicy = {
    "Effect": "Allow",
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:eu-central-1:551069080387:function:" + apiLambda.name,
    "Principal": {
        "Service": "<http://events.amazonaws.com|events.amazonaws.com>"
    },
    "Condition": {
        "ArnLike": {
            "AWS:SourceArn": "arn:aws:events:eu-central-1:551069080387:rule/" + eventRule.name
        }
    },
    "Sid": "TrustCWEToInvokeMyLambdaFunction"
};




const pingPolicy = new aws.iam.Policy(prefix + "ping-policy", {
    name: prefix + "ping-policy",
    policy: JSON.stringify(eventPolicy)
});

const pingPolicyAttachment = new aws.iam.RolePolicyAttachment(prefix + "attach-ping-role", {
    policyArn: pingPolicy.arn,
    role: role.name
});
b

broad-dog-22463

08/06/2019, 10:15 AM
You need to wrap your json in Pulumi.interpolate otherwise it isn’t valid
It needs to add prefix first
g

glamorous-waitress-51149

08/06/2019, 10:19 AM
got it working
Copy code
const eventPolicy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:eu-central-1:551069080387:function:" + apiLambda.name,

            "Condition": {
                "ArnLike": {
                    "AWS:SourceArn": "arn:aws:events:eu-central-1:551069080387:rule/" + eventRule.name
                }
            },
            "Sid": "TrustCWEToInvokeMyLambdaFunction"
        }
    ]
};


const pingPolicy = new aws.iam.Policy(prefix + "ping-policy", {
    name: prefix + "ping-policy",
    policy: JSON.stringify(eventPolicy),
    description: "Deployed as part of " + githashVersion + " release"
});

const pingPolicyAttachment = new aws.iam.RolePolicyAttachment(prefix + "attach-ping-role", {
    policyArn: pingPolicy.arn,
    role: role.name
});