No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

you need to have an aws_lambda_permission in place to allow access to it

<@UKQCFENQN> Can you use this thread, please?

I have notifications activated to follow new topics.

<@UHTP242EB> cheers, will try ad add that policy

Thanks. No worries. I just want to make sure that people won’t stop watching this channel.

Keep up talking here. I just will “unfollow this thread”. That’s the better way, isn’t it? :slightly_smiling_face:

<@UEPNUG6Q7> there’s a lot of debate about whether threads actually are better: most large slack orgs ban their use because of accessibility problems.

<@UB8A66MPS> Oh, really? Didn’t know that. What kind of accessibility problems? Actually, some guys in my company don’t use threads much, as well. But that’s the minority.
Can you give me a link to one of the debates, please?

going back to this. is EventPermission the correct place to look? <https://www.pulumi.com/docs/reference/pkg/python/pulumi_aws/cloudwatch/>

ok i don’t think it’s this which leaves me stumped

i did try this but, correct me if I’m wrong, the permission json isn’t a policy as there is no Version and Statement properties and also this errors saying it’s invalid json

```
const eventPolicy = {
    "Effect": "Allow",
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:eu-central-1:551069080387:function:" + apiLambda.name,
    "Principal": {
        "Service": "<http://events.amazonaws.com|events.amazonaws.com>"
    },
    "Condition": {
        "ArnLike": {
            "AWS:SourceArn": "arn:aws:events:eu-central-1:551069080387:rule/" + eventRule.name
        }
    },
    "Sid": "TrustCWEToInvokeMyLambdaFunction"
};




const pingPolicy = new aws.iam.Policy(prefix + "ping-policy", {
    name: prefix + "ping-policy",
    policy: JSON.stringify(eventPolicy)
});

const pingPolicyAttachment = new aws.iam.RolePolicyAttachment(prefix + "attach-ping-role", {
    policyArn: pingPolicy.arn,
    role: role.name
});
```

You need to wrap your json in Pulumi.interpolate otherwise it isn’t valid

```
const eventPolicy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:eu-central-1:551069080387:function:" + apiLambda.name,

            "Condition": {
                "ArnLike": {
                    "AWS:SourceArn": "arn:aws:events:eu-central-1:551069080387:rule/" + eventRule.name
                }
            },
            "Sid": "TrustCWEToInvokeMyLambdaFunction"
        }
    ]
};


const pingPolicy = new aws.iam.Policy(prefix + "ping-policy", {
    name: prefix + "ping-policy",
    policy: JSON.stringify(eventPolicy),
    description: "Deployed as part of " + githashVersion + " release"
});

const pingPolicyAttachment = new aws.iam.RolePolicyAttachment(prefix + "attach-ping-role", {
    policyArn: pingPolicy.arn,
    role: role.name
});

```