This message was deleted.

Finally figured it out, was able to get it working with:

const authBridge: aws.cloudwatch.EventRuleEventHandler = async (
    event
) => {
    .... your code here ...
}

const lambdaPolicy = aws.iam.getPolicyDocumentOutput({
    statements: [
        {
            effect: "Allow",
            actions: ["logs:CreateLogGroup"],
            resources: [`arn:aws:logs:*:${awsAccountId}:*`],
        },
        {
            effect: "Allow",
            actions: [
                "logs:CreateLogStream",
                "logs:PutLogEvents",
            ],
            resources: [`arn:aws:logs:*:${awsAccountId}:log-group:/aws/lambda/${LAMBDA_NAME}`],
        }
    ]
})

const lambdaRole = new aws.iam.Role("lambdaRole", {
    name: "1password-auth-bridge-lambda",
    assumeRolePolicy: {
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Principal: {
                    Service: "<http://lambda.amazonaws.com|lambda.amazonaws.com>"
                },
                Action: "sts:AssumeRole"
            }
        ]
    },
    inlinePolicies: [
        {
            name: "lambdaPolicy",
            policy: lambdaPolicy.json
        }
    ]
})

const authBridgeCallback = new aws.lambda.CallbackFunction<aws.cloudwatch.EventRuleEvent, void>("authBridge", {
    callback: authBridge,
    role: lambdaRole,
    name: LAMBDA_NAME,
})

const authBridgeRule: aws.cloudwatch.EventRuleEventSubscription = aws.cloudwatch.onSchedule("authBridge", "rate(5 minutes)", authBridgeCallback)