'AWS CloudFormation setting SNS trigger to Lambda

I want to add SNS as a trigger for Lambda in CloudFormation template but I it is not working for me. Below is the code I applied and I get lambda, sns and lambda subscription to SNS but I can't add trigger to lambda. Does anyone have any idea how to do it?

LambdaRole:
Type: 'AWS::IAM::Role'
Properties:
  AssumeRolePolicyDocument:
    Version: "2012-10-17"
    Statement:
      - Effect: Allow
        Principal:
          Service:
            - lambda.amazonaws.com
        Action:
          - 'sts:AssumeRole'
  Path: /
  Policies:
    - PolicyName: lambda_policy
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: '*'
            Resource: '*'

Lambdafunction:
Type: AWS::Lambda::Function
Properties:
  Handler: index.handler
  Role: !GetAtt LambdaRole.Arn
  # Role: !GettAtt [LambdaRole, Arn]
  Code:
    S3Bucket: lambda-s3
    S3Key: lambda.zip
  Runtime: python3.9
  Timeout: 30

PermissionSNStoLambda:
Type: 'AWS::Lambda::Permission'
Properties:
  Action: 'lambda:InvokeFunction'
  FunctionName: !Ref Lambdafunction
  Principal: sns.amazonaws.com

test2Topic:
Type: 'AWS::SNS::Topic'
Properties:
  DisplayName: Scale of Test Web group
  Subscription:
    - Protocol: lambda
      Endpoint: !GetAtt Lambdafunction.Arn   

  SNSPolicy:
Type: 'AWS::SNS::TopicPolicy'
Properties:
  Topics:
    - !Ref test2Topic
  PolicyDocument:
    Version: '2012-10-17'
    Statement:
      - Effect: Allow
        Principal: AWS: '*'
        Action:
          - 'SNS:GetTopicAttributes'
          - 'SNS:SetTopicAttributes'
          - 'SNS:AddPermission'
          - 'SNS:RemovePermission'
          - 'SNS:DeleteTopic'
          - 'SNS:Subscribe'
          - 'SNS:ListSubscriptionsByTopic'
          - 'SNS:Publish'
          - 'SNS:Receive'
        Resource: !Ref test2Topic

This is the most logical for me to use to add the trigger, but no success:

SNSTriggersLambda:            
Type: AWS::Lambda::EventInvokeConfig
Properties: 
  DestinationConfig: 
      OnFailure:
        Destination: !Ref test2Topic
      OnSuccess:
        Destination: !Ref test2Topic
  FunctionName: !Ref Lambdafunction
  MaximumEventAgeInSeconds: 70
  MaximumRetryAttempts: 1
  Qualifier: $LATEST
aws-lambdaamazon-sns


Solution 1:[1]

I just managed to resolve the issue. I needed one extra line in permission section stating source ARN for SNS Topic:

  PermissionSNStoLambda:
Type: 'AWS::Lambda::Permission'
Properties:
  Action: 'lambda:InvokeFunction'
  FunctionName: !Ref Lambdafunction
  Principal: sns.amazonaws.com
  SourceArn: !Ref test2Topic

It works now!

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Alex

Related Questions

Why my cloudformation template is over 1 MB?

Aws step functions - Resume from failed step function activity instead of starting a new execution

node-lambda - TypeError: handler is not a function

AWS X-Ray Crossacount data collection

Using python Logging with AWS Lambda

How to scale Lambda when /tmp is reused?

How to scale Lambda when /tmp is reused?

Occasional 'temporary failure in name resolution' while connecting to AWS Aurora cluster

Using an API key in Amazon API Gateway

How to execute a lambda function which copies objects from one S3 bucket to another via Step functions?

Mount EFS to Lambda Container

How to install external modules in a Python Lambda Function created by AWS CDK?

Pass multiple inputs into Map State in AWS Step Function

AWS API Gateway with proxy Lambda: Invalid permissions on Lambda function

Configure DynamoDB stream trigger with insert only