Hi I am using AWS SAM to deploy a serverless application that also relies on 1Click devices I have the template deploying fine but I have to exclude this value:
CallbackOverrides:
onClickCallback:
here is the template file
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: securitybutton
Globals:
Function:
Timeout: 10
Resources:
SecurityButtonFunction:
Type: AWS::Serverless::Function
Policies:
- AmazonSNSFullAccess
Properties:
CodeUri: src
Handler: index.lambdaHandler,
Runtime: nodejs12.x
MemorySize: 512
Events:
IoTRule:
Type: IoTRule
Properties:
Sql: SELECT * FROM 'iotbutton/*'
#TOPICS
BRSecurityButtonTopic:
Type: AWS::SNS::Topic
#IoT
#project
BRSecurityButtonProject:
Type: "AWS::IoT1Click::Project"
Properties:
ProjectName: "BRSecurityButton"
Description: "BRSecurityButton"
PlacementTemplate:
DefaultAttributes:
SNSTopic: Changeme
Location: Changeme
Theatre: Changeme
DeviceTemplates:
SecuityButtonTemplate:
DeviceType: "button"
CallbackOverrides:
onClickCallback: !GetAtt
- SecurityButtonFunction
- Arn
Outputs:
SecurityButtonFunction:
Description: "Security Button Lambda Function ARN"
Value: !GetAtt SecurityButtonFunction.Arn
Here is the resulting cloudFormation error:
Lambda function
arn:aws:lambda:us-east-1:LALALALALALA:function:securitybutton-prod-SecurityButtonFunction-6OB47JEIU192
cannot be invoked. (Service: AWSIoT1ClickProjects; Status Code: 400;
Error Code: InvalidRequestException; Request ID:
f0e94cd5-0310-4dcf-8d4a-a5ee8b102590; Proxy: null)
on the logical ID of BRSecurityButtonProject
any help would be appreciated
I found that the issue was related to IAM. Added this to the SAM template, which granted access for any IoT 1-click projects in the account to invoke the Lambda function.
SecurityButtonFunctionIoTPermission:
Type: AWS::Lambda::Permission
Properties:
FunctionName: !GetAtt SecurityButtonFunction.Arn
Action: lambda:InvokeFunction
Principal: iot1click.amazonaws.com
SourceAccount: !Ref "AWS::AccountId"
Related
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
sam-app
Sample SAM Template for sam-app
model/blob/master/docs/globals.rst
Globals:
Function:
Timeout: 3
Resources:
readOrdersFunction:
Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
Properties:
FunctionName: readOrders
CodeUri: read_order/
Handler: read_orders.lambda_handler
Runtime: python3.8
Events:
ReadOrdersApi:
Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
Properties:
RestApiId: !Ref BasicAWSApiGateway
Path: /read
Method: get
BasicAWSApiGateway:
Type: AWS::Serverless::Api
Properties:
Name: Basic AWS Api Gateway
StageName: Staging
Outputs:
BasicAWSApiGateway:
Description: 'API Gateway endpoint URL for Staging stage for Hello World function'
Value: !Sub 'https://${BasicAWSApiGateway}.execute-api.${AWS::Region}.amazonaws.com/Staging/read/'
BasicAWSApiGatewayRestApiId:
Description: 'API Gateway ARN for Basic AWS API Gateway'
Value: !Ref BasicAWSApiGateway
Export:
Name: BasicAWSApiGateway-RestApiId
BasicAWSApiGatewayRootResourceId:
Value: !GetAtt BasicAWSApiGateway.RootResourceId
Export:
Name: BasicAWSApiGateway-RootResourceId
Indentation/whitespace is significant in YAML. BasicAWSApiGateway is indented too far
I am learning working with AWS lambda and api gateway. I started with sam cli, initialized a hello world template ( code below). when deploy.yaml file is generated via - sam package ... command and stack is generated via cloud formation , it looks like this already generates an api end point. I wanted to create an api gateway with resource, methods, usage plan , api key and so forth. so I started adding following resources to the original template. How can i wire up my api gateway with the lambda function.
ApiGatewayRestApi:
Type: AWS::ApiGateway::RestApi
Properties:
ApiKeySourceType: HEADER
Description: An API Gateway with a Lambda Integration
EndpointConfiguration:
Types:
- EDGE
Name: lambda-api
ApiGatewayResource:
Type: AWS::ApiGateway::Resource
Properties:
ParentId: !GetAtt ApiGatewayRestApi.RootResourceId
PathPart: 'lambda'
RestApiId: !Ref ApiGatewayRestApi
ApiGatewayMethod:
Type: AWS::ApiGateway::Method
Properties:
ApiKeyRequired: false
AuthorizationType: NONE
HttpMethod: GET
ResourceId: !Ref ApiGatewayResource
RestApiId: !Ref ApiGatewayRestApi
original template
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
simple-node-api
Sample SAM Template for simple-node-api
Globals:
Function:
Timeout: 3
Resources:
HelloWorldfunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: hello-world/
Handler: app.lambdaHandler
Runtime: python3.7
Events:
HelloWorld:
Type: Api
Properties:
Path: /{proxy+}
Method: get
Outputs:
HelloWorldApi:
Description: API Gateway endpoint URL for Prod stage for Hello World function
Value:
Fn::Sub: https://${ServerlessHttpApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/hello/"
HelloWorldfunction:
Description: Express Backend Lambda Function ARN
Value: !Sub HelloWorldfunction.Arn
HelloWorldFunctionIamRole:
Description: Implicit IAM Role created for Hello World function
Value: !Sub HelloWorldFunctionRole.Arn
I created following yml file to deploy with SAM in AWS. But when I added the Role it fails with error "UPDATE_ROLLBACK_COMPLETE. Reason: No reason was provided.". Why does it happens?
Resources:
HelloWorld:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub 'awscodestar-${ProjectId}-lambda-HelloWorld'
Handler: index.handler
Runtime: python3.7
Role: arn:aws:iam::790615885331:role/lambda_dynam
Events:
GetEvent:
Type: Api
Properties:
Path: /
Method: get
PostEvent:
Type: Api
Properties:
Path: /
Method: post
It fails if I completely remove the Role and it works only if I added following expression as the Role
Role:
Fn::GetAtt:
- LambdaExecutionRole
- Arn
I want to add a already created role.
I get the following error upon attempting to sam deploy --guided my lambda application.
Error: Failed to create changeset for the stack: {stack-name}, An error occurred (ValidationError) when calling the CreateChangeSet operation: Stack:arn:aws:cloudformation:ap-southeast-2:014009325916:stack/{stack-name}/f2212bf0-bb41-11ea-8ef3-0aa7af0536b6 is in ROLLBACK_COMPLETE state and can not be updated.
Some further context into this issue is that all of my lambda functions do not have authorization defined. Not sure if that is related but I'm stating it in the case that it is.
I frankly have no idea how to go about this issue. Any help is appreciated.
===
Context: Building an automated trading system
Request for Cloudformation Template:
yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: A tradingview alert wrapper that interprets alerts and makes trades according to them.
Globals:
Function:
# CodeUri: function/.
# Runtime: python3.8
# Policies:
# - AWSLambdaFullAccess
# Tracing: Active
# Timeout: 30
Environment:
Variables:
APIKEY: ""
SECRETKEY: ""
Resources:
tradeFunction:
Type: AWS::Serverless::Function
Properties:
Handler: app.trade
Description: The primary execution function
CodeUri: function/.
Runtime: python3.8
Policies:
- AWSLambdaFullAccess
Tracing: Active
Timeout: 60
Events:
inputResponse:
Type: Api
Auth:
ApiKeyRequired: false
Authorizer: NONE
Properties:
Path: /trade
Method: post
printAccountBalanceFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: function/.
Runtime: python3.8
Policies:
- AWSLambdaFullAccess
Tracing: Active
Timeout: 30
Handler: app.print_account_balance
Description: Returns account balance over time or trade
Events:
inputResponse:
Type: Api
Properties:
Path: /print_account_balance
Method: get
startTradesFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: function/.
Runtime: python3.8
Policies:
- AWSLambdaFullAccess
Tracing: Active
Timeout: 30
Handler: app.start_trades
Description: Resets trade log for a fresh start
Events:
inputResponse:
Type: Api
Properties:
Path: /start_trades
Method: get
retrieveTradeLogFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: function/.
Runtime: python3.8
Policies:
- AWSLambdaFullAccess
Tracing: Active
Timeout: 30
Handler: app.retrieve_trade_log
Description: Return all the trade logs in the dyanamoDB database
Events:
inputResponse:
Type: Api
Properties:
Path: /retrieve_trade_log
Method: get
The error is encountered to my understanding when one does an initial deployment and that initial deployment fails. As a result of this, something breaks and the deployment service can not execute successfully. To fix this issue, simple delete the aws cloudformation stack and redeploy.
One can use the following command to delete:
aws cloudformation delete-stack --stack-name <insert stack-name>
Reference
Might need to run sam build first so your resources can get the latest changes
I am having some trouble writing the cloudformation script for cloudwatch event trigger to kick off my lambda script, I know I can do it through the console but my requirement is that I need to provision everything in cloudformation. I followed the documentation and it still haven't worked for me and I kept getting the error:
Template contains errors.: Invalid template property or properties
[rPermissionForEventsToInvokeLambda, rLambdaScheduledRule]
can someone point out what is the issue with this part of my cloudformation script? I followed the document almost to the letter and still having error, even the example in the documentation have the same error when I tried to validate it. my cloudformation code is below, any help is appreciated!
rLambdaScheduledRule:
Type: AWS::Events::Rule
Properties:
ScheduleExpression: rate(1 hour)
State: ENABLED
Targets:
Ref:
Fn::ImportValue:
Fn::Sub: rUploadLambda
Action: lambda:InvokeFunction
rPermissionForEventsToInvokeLambda:
Type: AWS::Lambda::Permission
Properties:
FunctionName:
Ref:
Fn::ImportValue:
Fn::Sub: rUploadLambda
Action: lambda:InvokeFunction
Principal: events.amazonaws.com
SourceArn:
Fn::GetAtt:
- rLambdaScheduledRule
- Arn
1) You must export the Lambda function ARN in the CloudFormation template in which you create the lambda function. You need to pass the Lambda function ARN as input to the cloudwatch event (The AWS::Events::Rule Targets attribute requires a resource ARN).
See a sample script below:
Resources:
# Create Controlled Lambda Function
myLambda:
Type: "AWS::Lambda::Function"
Properties:
Code:
S3Bucket: "lambda-bucket"
S3Key: "myhandler.zip"
Description: "Lambda handler"
FunctionName: "myhandler"
Handler: myhandler.myhandler
MemorySize: 128
Role: "arn:aws:iam::xxxxxxxxxxx:role/myLambdaExecutionRole-NC7FA7TUSZ5B"
Runtime: "python3.6"
Timeout: 10
# Output of the cf template
Outputs:
myLambdaArn:
Description: Arn of the my_lambda_function
Value: !GetAtt myLambda.Arn
Export:
Name: !Sub "${AWS::StackName}-LambdaArn"
2) When you create the CloudWatch Event, you need to pass the ARN of the lambda function created in Step1 as the Target.
See a sample script below:
Resources:
# Cloudwatch event to trigger lambda periodically
rLambdaScheduledRule:
Type: "AWS::Events::Rule"
Properties:
Description: "CloudWatch Event to trigger lambda fn"
ScheduleExpression: "rate(1 hour)"
State: "ENABLED"
Targets:
-
Arn:
Fn::ImportValue:
!Sub "${NetworkStackName}-LambdaArn"
Id: "targetevent_v1"
PermissionForEventsToInvokeLambda:
Type: "AWS::Lambda::Permission"
Properties:
FunctionName:
Fn::ImportValue:
!Sub "${NetworkStackName}-LambdaArn"
Action: "lambda:InvokeFunction"
Principal: "events.amazonaws.com"
SourceArn:
Fn::GetAtt:
- rLambdaScheduledRule
- Arn
The value of ${NetworkStackName} should be the StackName from Step1.
Some of the issues you need to correct in your template:
correct the Targets property of resource rLambdaScheduledRule.
remove Action property from resource rLambdaScheduledRule.
correct the FunctionName property of resource rPermissionForEventsToInvokeLambda.
Keeping above sample as reference, correct your template and try again.