Christopher Stevens
Reputation: 1248
In a Cloudformation template, how do I reference a dynamically generated Lambda function ARN in an IoT Rule?
Using AWS Amplify CLI, I've created a Lambda function for my project. It created a Cloudformation template as part of that process. I'm editing the template, adding an IoT rule to trigger the lambda function. The function name itself changes per environment, along with the Lambda function ARN I'm attempting to target in my IoT rule section.
Here's the section I'm working on now:
"IoTRuleS3RequestSignedUrl": {
"Type": "AWS::IoT::TopicRule",
"Properties": {
"RuleName": "twinTigerSecurityS3SignedUrlRequests",
"TopicRulePayload": {
"Actions": [
{
"Lambda": {
"FunctionArn": "HOW DO I REFERENCE THIS DYNAMIC ARN?"
}
}
],
"Description": "Get S3 bucket signed URL to upload image directly to S3.",
"RuleDisabled": false,
"Sql": "SELECT operation, bucket, key, replyTo FROM 'iot/topic'"
}
}
}
Here's the full template in progress:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Lambda resource stack creation using Amplify CLI",
"Parameters": {
"CloudWatchRule": {
"Type": "String",
"Default" : "NONE",
"Description" : " Schedule Expression"
},
"env": {
"Type": "String"
}
},
"Conditions": {
"ShouldNotCreateEnvResources": {
"Fn::Equals": [
{
"Ref": "env"
},
"NONE"
]
}
},
"Resources": {
"LambdaFunction": {
"Type": "AWS::Lambda::Function",
"Metadata": {
"aws:asset:path": "./src",
"aws:asset:property": "Code"
},
"Properties": {
"Handler": "index.handler",
"FunctionName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
"twinTigerSecurityRequestS3SignedUrl",
{
"Fn::Join": [
"",
[
"twinTigerSecurityRequestS3SignedUrl",
"-",
{
"Ref": "env"
}
]
]
}
]
},
"Environment": {
"Variables" : {
"ENV": {
"Ref": "env"
},
"REGION": {
"Ref": "AWS::Region"
}
}
},
"Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] },
"Runtime": "nodejs12.x",
"Timeout": "25"
}
},
"LambdaExecutionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
"twintigersecurityLambdaRolebf1a383b",
{
"Fn::Join": [
"",
[
"twintigersecurityLambdaRolebf1a383b",
"-",
{
"Ref": "env"
}
]
]
}
]
},
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
}
}
,"lambdaexecutionpolicy": {
"DependsOn": ["LambdaExecutionRole"],
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "lambda-execution-policy",
"Roles": [{ "Ref": "LambdaExecutionRole" }],
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action":["logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"],
"Resource": { "Fn::Sub" : [ "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", { "region": {"Ref": "AWS::Region"}, "account": {"Ref": "AWS::AccountId"}, "lambda": {"Ref": "LambdaFunction"}} ]}
}
]
}
}
},
"IoTRuleS3RequestSignedUrl": {
"Type": "AWS::IoT::TopicRule",
"Properties": {
"RuleName": "twinTigerSecurityS3SignedUrlRequests",
"TopicRulePayload": {
"Actions": [
{
"Lambda": {
"FunctionArn": "HOW DO I REFERENCE THIS DYNAMIC ARN?"
}
}
],
"Description": "Get S3 bucket signed URL to upload image directly to S3.",
"RuleDisabled": false,
"Sql": "SELECT operation, bucket, key, replyTo FROM 'iot/topic'"
}
}
}
},
"Outputs": {
"Name": {
"Value": {
"Ref": "LambdaFunction"
}
},
"Arn": {
"Value": {"Fn::GetAtt": ["LambdaFunction", "Arn"]}
},
"Region": {
"Value": {
"Ref": "AWS::Region"
}
},
"LambdaExecutionRole": {
"Value": {
"Ref": "LambdaExecutionRole"
}
}
}
}
I could do this in the UI, however that's not ideal long-term nor the intent of configuration by code provided by Amplify/Cloudformation. What's the best way to proceed in referencing the Lambda function from the IoT rule?
Upvotes: 0
Views: 2252
Answers (1)
alexis-donoghue
Reputation: 3387
You can use intrinsic function Fn::GetAtt to get ARN of the resource like follows:
"Fn::GetAtt": ["LambdaFunction", "Arn"]
Upvotes: 3
Related Questions
- AWS - How to pass ARN from cloud formation template to aws lambda function
- CloudFormation - Access Parameter from Lambda Code
- In CloudFormation, how do I target a Lambda alias in Events::Rule
- Retrieve the arn of a lambda function from a cloudformation stack
- How to pass a parameter from CloudFormation to an AWS Lambda function stored in an S3 bucket
- Deploy lambda function inline
- Reference resource in CloudFormation template in inline code property of a Lambda function
- How to add the taking of a parameter in AWS CloudFormation
- Cloudformation lambda function code reference a generated s3 bucket
- Access AWS CloudFormation ARN from inside Lambda Function