Background:
I'm developing a custom AWS github-webhook via Terraform. I'm using AWS API Gateway to trigger an AWS Lambda function that validates the GitHub webhook's sha256 signature from the request header. If the lambda function successfully validates the request, I want a child lambda function to be invoked via the async invocation destination feature provided by Lambda.
Problem:
Even though I've configured the async invocation with the target child Lambda function, the child function is not triggered when the parent Lambda function is successful. This is reflected in the fact that the child Lambda function's associated CloudWatch log group is empty.
Relevant Code:
Here's the Terraform configuration for the Lambda function destination:
```hcl
resource "aws_lambda_function_event_invoke_config" "lambda" {
  function_name = module.github_webhook.function_name

  destination_config {
    on_success {
      destination = module.lambda.function_arn
    }
  }
}
```
If more code from the module is needed, feel free to ask in the comments. The entire source code for this module is here: https://github.com/marshall7m/terraform-aws-codebuild/tree/master/modules/dynamic-github-source
Attempts:
- Made sure both parent/child Lambda functions have permission to create logs within their respective CloudWatch log group (attached the `arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole` policy to both)
- Made sure the parent Lambda function has the correct permission to invoke the child function: `"lambda:InvokeFunction", "lambda:InvokeAsync"`
- Set up async invocation for the child Lambda function for both success and failure parent Lambda runs (child function still not triggered)
- Added the API integration request parameter `{'X-Amz-Invocation-Type': 'Event'}` as mentioned in: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-lambda-integration-async.html
- For every attempt to fix this, I made sure to redeliver the request from the source (GitHub webhook page) and not via the AWS Lambda console.
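The signature check described in the Background, sketched as an added example (not code from the original post or from the linked module). It raises on a bad signature so that, under an asynchronous invocation, the run counts as failed rather than successful. Assumptions: the event carries `headers`, `body` and optionally `isBase64Encoded`, and the secret is read from a hypothetical `GITHUB_WEBHOOK_SECRET` environment variable.

```python
import base64
import hashlib
import hmac
import os


class InvalidSignature(Exception):
    """Raised so the invocation is recorded as failed, not successful."""


def signature_is_valid(secret: bytes, raw_body: bytes, header_value) -> bool:
    # GitHub sends X-Hub-Signature-256 as "sha256=<hex HMAC-SHA256 of the raw body>".
    if not header_value or not header_value.startswith("sha256="):
        return False
    expected = "sha256=" + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    # Constant-time comparison: do not leak how many leading characters matched.
    return hmac.compare_digest(expected.encode(), header_value.encode())


def raw_body_of(event: dict) -> bytes:
    # The HMAC covers the exact bytes GitHub sent, so never re-serialise parsed JSON.
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        return base64.b64decode(body)
    return body.encode("utf-8")


def handler(event, context):
    # HTTP header names are case-insensitive; normalise before the lookup.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    secret = os.environ["GITHUB_WEBHOOK_SECRET"].encode()  # hypothetical variable name
    if not signature_is_valid(secret, raw_body_of(event), headers.get("x-hub-signature-256")):
        raise InvalidSignature("X-Hub-Signature-256 missing or does not match")
    # Returning normally marks the invocation as successful.
    return {"validated": True}


if __name__ == "__main__":
    # Constructed sample values, not taken from a real delivery.
    os.environ["GITHUB_WEBHOOK_SECRET"] = "constructed-secret"
    body = '{"ref": "refs/heads/master"}'
    sig = "sha256=" + hmac.new(b"constructed-secret", body.encode(), hashlib.sha256).hexdigest()
    print(handler({"headers": {"X-Hub-Signature-256": sig}, "body": body}, None))
```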