I am trying to set up a Lambda function that scans for a lifecycle policy on every new S3 bucket that is created. If the function finds there is no lifecycle policy set, it will add a default policy I have defined in the function. The aim is to use the CloudWatch S3 CreateBucket event as the trigger.

I am able to run tests successfully, but when I create new S3 buckets, it is not placing a default lifecycle policy on the bucket as annotated in the function. I have added full admin access to the Lambda function's IAM role, hoping to mitigate any permission issues (as a test). But when I create new S3 buckets, the CloudWatch event is failing to trigger the function.

It seems like I am missing something small, any suggestions? Thank you!

Are you saying that the Lambda function is never triggered by CloudWatch Events? Where are you looking to verify this? Has the Lambda function been assigned the AWSLambdaBasicExecutionRole permission policy so that it can write to CloudWatch Logs? - John Rotenstein

Can you show a screenshot of how you've configured the Lambda via CW? Can you confirm "run tests successfully"? Is that using localstack, or what do you mean by "they run successfully" (they do attach the lifecycle policy) but it's the CW invoking the Lambda that doesn't work? - Jeremy Thompson

Aside from the questions above, how are you able to "run tests successfully"? What tests have you done? - Noel Llevares

1 Answer

The problem was that the CloudTrail API was not configured for logging. I had to use my root account to create a trail for S3. Once CloudTrail was configured, CloudWatch was able to send the logged S3 events to Lambda as a trigger.
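The accepted answer's point is worth making concrete: CloudWatch Events (now EventBridge) only sees S3 API calls such as CreateBucket when a CloudTrail trail is recording management events in that account and region, and without one the rule simply never fires, no matter how much IAM the function's role has. The following is an added example, not code from the original question or answer, showing a Lambda handler that consumes the "AWS API Call via CloudTrail" event shape, checks for an existing lifecycle configuration, and applies a default one only if none exists. The rule pattern (EVENT_PATTERN), the contents of DEFAULT_LIFECYCLE, the bucket name in the sample event, and the FakeS3 stand-in are all assumptions for illustration; the two boto3 calls used (get_bucket_lifecycle_configuration and put_bucket_lifecycle_configuration) are real S3 client methods.

```python
# Added example (not from the original question or answer): Lambda handler for
# the CloudWatch Events / EventBridge "AWS API Call via CloudTrail" S3 event.
# Applies DEFAULT_LIFECYCLE only when the new bucket has no lifecycle config.
# EVENT_PATTERN, DEFAULT_LIFECYCLE, SAMPLE_EVENT and FakeS3 are assumptions.
import json
from typing import Any, Dict, Optional

try:
    import boto3  # present in the Lambda runtime; optional so this imports offline
    from botocore.exceptions import ClientError
except ImportError:  # offline stand-in carrying the same .response shape as botocore's
    boto3 = None

    class ClientError(Exception):
        def __init__(self, error_response: Dict[str, Any], operation_name: str) -> None:
            super().__init__(error_response.get("Error", {}).get("Code", "ClientError"))
            self.response = error_response
            self.operation_name = operation_name

# Assumed CloudWatch Events rule pattern. It matches nothing unless a CloudTrail
# trail is recording S3 management events in this account/region (the answer's fix).
EVENT_PATTERN = {
    "source": ["aws.s3"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["s3.amazonaws.com"], "eventName": ["CreateBucket"]},
}

# Assumed default policy: clean up stale multipart uploads and old noncurrent versions.
DEFAULT_LIFECYCLE = {
    "Rules": [
        {"ID": "default-abort-incomplete-multipart", "Status": "Enabled", "Filter": {"Prefix": ""},
         "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7}},
        {"ID": "default-expire-noncurrent-versions", "Status": "Enabled", "Filter": {"Prefix": ""},
         "NoncurrentVersionExpiration": {"NoncurrentDays": 30}},
    ]
}


def bucket_from_event(event: Dict[str, Any]) -> Optional[str]:
    """Return the bucket name for an S3 CreateBucket CloudTrail event, else None."""
    detail = event.get("detail", {})
    if detail.get("eventSource") != "s3.amazonaws.com" or detail.get("eventName") != "CreateBucket":
        return None
    return detail.get("requestParameters", {}).get("bucketName")


def has_lifecycle_policy(s3: Any, bucket: str) -> bool:
    """True if the bucket already has any lifecycle configuration."""
    try:
        s3.get_bucket_lifecycle_configuration(Bucket=bucket)
        return True
    except ClientError as exc:
        if exc.response.get("Error", {}).get("Code") == "NoSuchLifecycleConfiguration":
            return False
        raise  # AccessDenied, NoSuchBucket etc. must surface in the function's logs, not be swallowed


def ensure_lifecycle_policy(s3: Any, bucket: str) -> str:
    """Apply DEFAULT_LIFECYCLE if the bucket has none; report what happened."""
    if has_lifecycle_policy(s3, bucket):
        return "already-present"
    s3.put_bucket_lifecycle_configuration(Bucket=bucket, LifecycleConfiguration=DEFAULT_LIFECYCLE)
    return "applied"


def lambda_handler(event: Dict[str, Any], context: Any = None, s3: Any = None) -> Dict[str, str]:
    """Lambda entry point; `s3` is injectable so the logic can be exercised offline."""
    bucket = bucket_from_event(event)
    if bucket is None:
        return {"result": "ignored"}
    client = s3 or boto3.client("s3")
    return {"bucket": bucket, "result": ensure_lifecycle_policy(client, bucket)}


class FakeS3:
    """Constructed offline stand-in for the two S3 client calls used above."""

    def __init__(self, existing: Optional[Dict[str, Any]] = None, deny: Optional[set] = None) -> None:
        self.policies = dict(existing or {})
        self.deny = set(deny or ())  # buckets for which the role lacks permission

    def get_bucket_lifecycle_configuration(self, Bucket: str) -> Dict[str, Any]:
        if Bucket in self.deny:
            raise ClientError({"Error": {"Code": "AccessDenied", "Message": "denied"}}, "GetBucketLifecycleConfiguration")
        if Bucket not in self.policies:
            raise ClientError({"Error": {"Code": "NoSuchLifecycleConfiguration", "Message": "none"}}, "GetBucketLifecycleConfiguration")
        return {"Rules": self.policies[Bucket]}

    def put_bucket_lifecycle_configuration(self, Bucket: str, LifecycleConfiguration: Dict[str, Any]) -> Dict[str, Any]:
        self.policies[Bucket] = LifecycleConfiguration["Rules"]
        return {}


# Constructed sample event in the shape CloudWatch Events delivers for CloudTrail API calls.
SAMPLE_EVENT = {
    "source": "aws.s3",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventSource": "s3.amazonaws.com", "eventName": "CreateBucket",
               "requestParameters": {"bucketName": "example-new-bucket"}},
}

if __name__ == "__main__":
    fake = FakeS3()
    print(json.dumps(lambda_handler(SAMPLE_EVENT, s3=fake)))  # applied
    print(json.dumps(lambda_handler(SAMPLE_EVENT, s3=fake)))  # already-present
```

Two practical checks follow from this. First, if the function's CloudWatch Logs group shows no invocations at all after a CreateBucket, the event is not being delivered, and the place to look is CloudTrail (is a trail recording management events in this region?), not the function's code or its role. Second, keep the `raise` in has_lifecycle_policy: treating every error as "no policy" would make a permission problem look like success and then fail again on the put, with a misleading log entry.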