AWS CloudWatch Rule returns FailedInvocation with AWS batch as Target

Question

Hi I've scheduled a Cloudwatch rule in order to run every Wednesday at 14.15 GTM by having as target an AWS Batch, which always returns FailedInvocation. I'm seeing the FailedInvocation event from associated metrics

However there are no logs regarding the error, I cannot understand the problem.

I've followed this tutorial: https://docs.aws.amazon.com/batch/latest/userguide/batch-cwe-target.html I'm stucked here from hours any suggestion?

CONFIGURATIONS

The AWS batch target is configured as is:

job Queue= arn:..
job Definition = arn:...
Job Name = name

The role associated to the target has the following policies:

arn:aws:iam::aws:policy/service-role/AWSBatchServiceEventTargetRole

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "batch:SubmitJob"
        ],
        "Resource": "*"
    }
  ]
  }

arn:aws:iam::216314997889:role/awsInvokeActionOnEc2

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "cloudwatch:Describe*",
            "ec2:Describe*",
            "ec2:RebootInstances",
            "ec2:StopInstances",
            "ec2:TerminateInstances"
        ],
        "Resource": "*"
    }
]
}

and Trust relationships

{
"Version": "2012-10-17",
"Statement": [
  {
    "Effect": "Allow",
    "Principal": {
      "Service": "events.amazonaws.com"
    },
    "Action": "sts:AssumeRole"
  }
 ]
}

HI, yes by using CloudTrail I've found that I was using a wrong ARN job definition. — Sashimi

erezool erezool · Accepted Answer · 2018-05-09T10:33:34

Enable CloudTrail to find out the FailedInvocation reason in its logs. I agree going through CloudTrail to find out the failure reason is terrible. But for now, that's all there is. Faced the same issue and found out the Input

AWS CloudWatch Rule returns FailedInvocation with AWS batch as Target

CONFIGURATIONS

2 Answers