8

I'm running into an issue with Serverless v1.5 (latest version currently available at the time of writing)

I've to add permission to the lambda function and I'm trying to achieve this by creating a CF template and running along with the deploy of the function:

resources:
  Resources:
    logsGroup:
      Type: "AWS::Lambda::Permission"
      Properties: 
        Action: lambda:InvokeFunction
        FunctionName: 
          Fn::GetAtt:
            - "${self:custom.${opt:stage}.name}"
            - "Arn"
        Principal: "logs.amazonaws.com"
        SourceAccount:
          Ref: "AWS::AccountId"
        SourceArn: "arn:aws:logs:${self:provider.region}:*:log-group:*:*"

This is how it should look like. My problem is that when I try to deploy it I get an error which says that the function is not created yet which is understandable. How can I overcome to this issue? Any ideas?

Improve this question
2
  • How did you resolve this? If you found a solution it would be helpful to those of us finding your question if you wrote an answer and accepted it if your solution works. Commented Jul 20, 2017 at 14:22
  • I am in the same scenario at the moment. Please let us know if you have found a solution to this. Commented Jul 24, 2019 at 15:50

2 Answers 2

Reset to default
4

Not enough rep to add a comment - have you tried adding a DependsOn attribute to the Lambda Permission resource? Explicitly setting that property will result in CloudFormation waiting until the Lambda Function resource is created before creating this permission.

Also if you weren't already aware the .serverless folder that gets created in the root of your project contains the CloudFormation templates used by serverless, which can be helpful when troubleshooting unexpected CloudFormation behavior.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

By default, Serverless creates your custom resources first, which makes sense as you usually put S3 buckets etc. there that your functions rely on.

In the end though, Serverless translates everything to a Cloudformation template, which you can see in the .serverless directory. What you will notice there is that your function names are suffixed with "LambdaFunction". So if you named your function "Foo", this is translated to "FooLambdaFunction". By that name, you can reference the function in a custom resource, which makes Cloudformation wait for the function before it creates the resource.

E.g.

functions:
  Foo:
    handler: functions/foo.handler
    name: foo-lambda
    description: Sample function
resources:
  Resources:
    PermissionToCallFoo:
      Type: "AWS::Lambda::Permission"
      Properties: 
        Action: lambda:InvokeFunction
        FunctionName: 
          Ref: FooLambdaFunction
        Principal: "logs.amazonaws.com"
  Outputs:
    FooArn:
      Value:
        Fn::GetAtt: 
          - FooLambdaFunction
          - Arn
      Export:
        Name: "FooArn"
Improve this answer

1 Comment

One thing I would add, is that the "exported" function name, will be capitalised by default, so if you define a function called foo, or myCodeRunner, your Ref will have to account for this difference (i.e. Foo or MyCodeRunner respectively).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.