
I've tried to setup scheduling with Amazon CloudWatch Events, which should invoke a Lambda function, from another Lambda I used guide from Sending Events to Amazon CloudWatch Events - AWS SDK for JavaScript.

The problem is, that even after setting CloudWatch Events IAM role

                    Sid: 'CloudWatchEventsFullAccess',
                    Effect: 'Allow',
                    Action: ['*'],
                    Resource: '*',

and Lambda role to similar one, when I invoke main function

const cloudWatchEvents = new CloudWatchEvents()

        const ruleParams = {
            Name: projectId,
            ScheduleExpression: crontab,
            State: 'ENABLED',
            RoleArn: apiCloudWatchEventsIamRole,

        const targetParams = {
            Rule: projectId,
            Targets: [
                    Arn: apiLongTaskFunctionArn,
                    Id: 'lambdaCloudWatch',

        cloudWatchEvents.putRule(ruleParams, (err, rule) => {
            if (err) {
                return err
            cloudWatchEvents.putTargets(targetParams, (err, data) => {
                if (err) {
                    return (err)
                const eventParams = {
                    Entries: [
                            DetailType: 'Scheduled Event',
                            Source: 'aws.events',
                            Resources: [rule.RuleArn],
                            Detail: '{}',
                cloudWatchEvents.putEvents(eventParams, (err, data) => {
                    if (err) {
                        return (err)

i get response from last console.log

{ FailedEntryCount: 1,
       [ { ErrorCode: 'NotAuthorizedForSourceException',
           ErrorMessage: 'Not authorized for the source.' } ] }

I'm not sure where should I search for answer, as I haven't seen this case documented anywhere on web.

Has the trust relationship been setup for the role? i.e. "Statement": [ { "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Action": "sts:AssumeRole" }tedsmitt
@tedsmitt yep, I set Statement: [ { Effect: 'Allow', Principal: { Service: ['lambda.amazonaws.com'], }, Action: ['sts:AssumeRole'], }, { Effect: 'Allow', Principal: { Service: ['events.amazonaws.com'], }, Action: ['sts:AssumeRole'], }, ], for both lambda execution role and cloudWatch events rolePiekarski D
I think the issue here is that the aws.* prefix is reserved for AWS itself to use. So when you try to specify your source as aws.events, it tells you you're not authorized to use that source. Although, I can't seem to find any documentation on this besides the end of this blog post.Matt Hancock

1 Answers


okay, so adding to ruleParams

            EventPattern: JSON.stringify({
                source: ['sourceName'],

and setting Entries to

                    Entries: [
                            DetailType: 'Scheduled Event',
                            Source: 'sourceName',
                            Resources: [rule.RuleArn],
                            Detail: '{}',

solved the issue