@aws-cdk/aws-iot: Add an option for CfnTopicRule to automatically create CfnPermission to invoke Lambda Function #16339

Closed
olivierpichon opened this issue Sep 2, 2021 · 3 comments
Labels
@aws-cdk/aws-iot Related to AWS IoT effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. in-progress This issue is being actively worked on. p1

Comments

@olivierpichon

When creating a TopicRule that should call an AWS Lambda, all the resources are correctly created without error.
However, the lambda function is never invoked. On the AWS console, when going into the created topic rule, clicking edit and then just update is enough to "fix" the problem:


After a lot of digging, a CfnPermission appears to be needed for the lambda function to be invoked. The error is otherwise not surfaced to the end user. This problem was faced already and logged here for example: #12772
But because of the absence of an error, the source of the problem could not be identified, even by the CDK team. This is of course not a CDK bug though; one would face the same problem using CloudFormation.

Proposed Solution

As CDK's main role and philosophy is to ship with sensible defaults, I would suggest having an option when creating a CfnTopicRule which would automatically create the right CfnPermission under the hood.

E.g., something like this (a withCfnPermission attribute):

new CfnTopicRule(this, "TelemetryIngestion", {
  ruleName: 'TelemetryIngestion',
  topicRulePayload: {
    sql: "SELECT time, topic(2) as site_id, topic(3) AS device_type, topic(4) AS device_id, topic(5) AS endpoint, value FROM 'dt/+/+/+/#'",
    ruleDisabled: false,
    awsIotSqlVersion: '2016-03-23',
    actions: [
      {
        lambda: { functionArn: fn.functionArn, withCfnPermission: true }
      }
    ]
  }
})

Thanks a lot for consideration and for the great work!

@olivierpichon olivierpichon added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Sep 2, 2021
@github-actions github-actions bot added @aws-cdk/aws-iot Related to AWS IoT @aws-cdk/aws-lambda Related to AWS Lambda labels Sep 2, 2021
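
Because the missing permission produces no deploy-time error, a check over the synthesized template can surface it before deployment. The following is an added example, not code from this issue or from the CDK project: `checkIotLambdaPermissions`, `target` and `mkRule` are hypothetical names, the template is constructed, and it assumes references are written as `Ref` or `Fn::GetAtt` as in CDK-synthesized templates. It goes one step beyond the issue by also flagging a grant to `iot.amazonaws.com` that carries no `SourceArn`.

```typescript
// Added example (not CDK code): lint a synthesized CloudFormation template for
// AWS::IoT::TopicRule Lambda actions lacking a matching AWS::Lambda::Permission.
type Template = { Resources: Record<string, { Type: string; Properties?: any }> };
type Finding = { rule: string; fn: string; problem: "missing" | "unscoped" };

// Reduce {"Ref": X}, {"Fn::GetAtt": [X, ...]} or a literal string to one key.
// Assumption: references use these forms, as CDK-synthesized templates do.
function target(v: any): string {
  if (typeof v === "string") return v;
  if (v && typeof v.Ref === "string") return v.Ref;
  const att = v ? v["Fn::GetAtt"] : undefined;
  return Array.isArray(att) ? String(att[0]) : JSON.stringify(v);
}

function checkIotLambdaPermissions(t: Template): Finding[] {
  const ids = Object.keys(t.Resources);
  const perms = ids
    .map((id) => t.Resources[id])
    .filter((r) => r.Type === "AWS::Lambda::Permission" &&
      r.Properties?.Principal === "iot.amazonaws.com" &&
      r.Properties?.Action === "lambda:InvokeFunction");
  const findings: Finding[] = [];
  for (const ruleId of ids) {
    const r = t.Resources[ruleId];
    if (r.Type !== "AWS::IoT::TopicRule") continue;
    for (const a of r.Properties?.TopicRulePayload?.Actions ?? []) {
      if (!a.Lambda) continue;
      const fn = target(a.Lambda.FunctionArn);
      // Grants for this function that are either open or scoped to this rule.
      const usable = perms.filter((p) => target(p.Properties.FunctionName) === fn &&
        (p.Properties.SourceArn === undefined || target(p.Properties.SourceArn) === ruleId));
      if (usable.length === 0) findings.push({ rule: ruleId, fn, problem: "missing" });
      else if (usable.some((p) => p.Properties.SourceArn === undefined))
        findings.push({ rule: ruleId, fn, problem: "unscoped" });
    }
  }
  return findings;
}

// Constructed sample: RuleA has a scoped grant, RuleB has none (the silent failure).
const arn = (id: string) => ({ "Fn::GetAtt": [id, "Arn"] });
const mkRule = (fn: string) => ({ Type: "AWS::IoT::TopicRule",
  Properties: { TopicRulePayload: { Actions: [{ Lambda: { FunctionArn: arn(fn) } }] } } });
const sample: Template = { Resources: {
  RuleA: mkRule("FnA"), RuleB: mkRule("FnB"),
  PermA: { Type: "AWS::Lambda::Permission", Properties: { Action: "lambda:InvokeFunction",
    FunctionName: arn("FnA"), Principal: "iot.amazonaws.com", SourceArn: arn("RuleA") } },
} };
console.log(checkIotLambdaPermissions(sample));
```

A permission whose `FunctionName` or `SourceArn` is a literal ARN string will not match a logical ID and is reported as missing, so treat findings on hand-written templates as prompts for review.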
@jumic
Contributor

jumic commented Sep 2, 2021

Some additional information:

The Lambda documentation describes that this permission has to be added when a Lambda function is used with AWS IoT.

Feature request #5420 already requests to add the generation of this permission in CDK.

Furthermore, pull request #13581 contains an L2 Construct that implements the necessary permission automatically. Currently, this feature request is labeled as P2, therefore it's a good idea to react with +1 to this PR, which will help the CDK team to prioritize the PR.

@nija-at nija-at removed the @aws-cdk/aws-lambda Related to AWS Lambda label Oct 14, 2021
@nija-at nija-at removed their assignment Oct 14, 2021
@skinny85 skinny85 added effort/small Small work item – less than a day of effort p1 in-progress This issue is being actively worked on. and removed needs-triage This issue or PR still needs to be triaged. labels Oct 19, 2021
@skinny85 skinny85 removed their assignment Oct 19, 2021
@yamatatsu
Contributor

This is resolved by #17110 😃

@skinny85 skinny85 closed this as completed Nov 9, 2021
@github-actions

github-actions bot commented Nov 9, 2021

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
