Add Resource-based policy to allow Pinpoint invoke lambda function #12849

Closed
biller-aivy opened this issue Jun 22, 2023 · 4 comments
Labels: duplicate, pending-response, pending-triage, question

biller-aivy commented Jun 22, 2023

Amplify CLI Version

10.5.2

Question

Hey Guys,

I am trying to connect a Pinpoint Journey with my Lambda function, to invoke the Lambda based on an analytics event.

So this is working when I use the Console to add a Resource-based policy:

{
  "Sid": "custom-test",
  "Effect": "Allow",
  "Principal": {
    "Service": "pinpoint.amazonaws.com"
  },
  "Action": "lambda:InvokeFunction",
  "Resource": "arn:aws:lambda:eu-central-1:XXX:function:pinpointEventsHandler-develop",
  "Condition": {
    "ArnLike": {
      "AWS:SourceArn": "arn:aws:mobiletargeting:eu-central-1:XXX:apps/*"
    }
  }
}

I can't find this part in the template in the CloudFormation console.

How can I add this with the Amplify CLI?

With the custom policy flow it is not working:

{
  "Action": ["lambda:InvokeFunction"],
  "Resource": ["arn:aws:mobiletargeting:eu-central-1:XXX:apps/*"]
}

Any idea?

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html

biller-aivy (Author) commented
Solution:

"PermissionForPinpointToInvokeLambda": {
  "Type": "AWS::Lambda::Permission",
  "Properties": {
    "FunctionName": {
      "Ref": "LambdaFunction"
    },
    "Action": "lambda:InvokeFunction",
    "Principal": "pinpoint.amazonaws.com",
    "SourceArn": {
      "Fn::Sub": "arn:aws:mobiletargeting:${AWS::Region}:${AWS::AccountId}:apps/*"
    }
  }
}

Maybe, instead of just custom-policies.json, we can add custom-permissions too for other users?
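
Added example, not part of the original thread and not Amplify's own code: a small offline check that a Lambda resource-based policy statement granting a service principal, like the Pinpoint one above, is scoped by `aws:SourceArn` to the function's own account. The account id `111122223333` and the helper names are assumptions made for illustration.

```python
import json

# Constructed sample: the statement from the issue, with the redacted account
# id replaced by the placeholder 111122223333.
STATEMENT = json.loads("""
{
  "Sid": "custom-test",
  "Effect": "Allow",
  "Principal": {"Service": "pinpoint.amazonaws.com"},
  "Action": "lambda:InvokeFunction",
  "Resource": "arn:aws:lambda:eu-central-1:111122223333:function:pinpointEventsHandler-develop",
  "Condition": {"ArnLike": {"AWS:SourceArn": "arn:aws:mobiletargeting:eu-central-1:111122223333:apps/*"}}
}
""")

ARN_OPERATORS = {"ArnLike", "ArnEquals", "StringLike", "StringEquals"}


def source_arns(statement):
    """Collect aws:SourceArn values; IAM condition key names are not case-sensitive."""
    found = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator not in ARN_OPERATORS:
            continue
        for key, value in keys.items():
            if key.lower() == "aws:sourcearn":
                found.extend(value if isinstance(value, list) else [value])
    return found


def audit_service_grant(statement):
    """Return findings for an Allow statement whose principal is an AWS service."""
    principal = statement.get("Principal", {})
    if statement.get("Effect") != "Allow" or not isinstance(principal, dict) or "Service" not in principal:
        return []  # not a service grant (e.g. an identity-based policy statement)
    # Assumes Resource is a single function ARN: arn:aws:lambda:region:account:function:name
    function_account = statement["Resource"].split(":")[4]
    arns = source_arns(statement)
    findings = []
    if not arns:
        findings.append("no aws:SourceArn condition: grant is not scoped to a source resource")
    for arn in arns:
        parts = arn.split(":", 5)
        if len(parts) < 6 or parts[4] in ("", "*"):
            findings.append(f"{arn}: account id is missing or wildcarded")
        elif parts[4] != function_account:
            findings.append(f"{arn}: source account differs from the function's account")
    return findings
```

The statement from the issue passes with no findings; dropping its `Condition` block, or pointing `SourceArn` at another account, produces one finding each.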

ykethan commented Jun 23, 2023

Hey @biller-aivy, 👋 thank you for reaching out. Support for Lambda resource policies is currently being tracked on #9093.
If you could add a 👍 on the issue, this would help us prioritize the feature request.

josefaidt (Contributor) commented
Closing in favor of tracking #9093

josefaidt closed this as not planned on Aug 14, 2023

github-actions commented
⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
