Below is what I wrote in my SAM template to give RDS permission to invoke the Lambda function. I added a Policies key to give permission, similar to other services, but that does not seem to be the case with RDS.

    Type: AWS::RDS::DBInstance
    Properties:
      DBName: !Ref DBName
      Engine: postgres
      MasterUsername: !Ref DBUsername
      DBInstanceClass: !Ref DBClass
      DBInstanceIdentifier: testdb
      DBSecurityGroups:
        - !Ref DBSecurityGroup
      AllocatedStorage: !Ref DBAllocatedStorage
      MasterUserPassword: !Ref DBPassword
      Policies:
        - Statement:
            - Sid: LambdaCrudPolicy
              Effect: Allow
              Action:
                - lambda:InvokeFunction
              Resource: !GetAtt TestFunction.Arn

Getting error: Properties validation failed for resource DBInstance with message: #: extraneous key [Policies] is not permitted

How can I give my instance lambda permission?

I tried AssociatedRoles, but it failed with this error:

    Resource handler returned message: "Invalid Role ARN: event-driven-service-RootRole-4PBV76O7 (Service: Rds, Status Code: 400, Request ID: 46bye4ae-ca93-4a17-b47b-6c397b862c81)" (RequestToken: 70cxa135-8d79-838c-3b31-0b146ae75db1, HandlerErrorCode: InvalidRequest) The following resource(s) failed to create

Here is the new CFT:

    Description: The service contains the lambda function that handles the routing of emails.
    Resources:
      RootRole:
        Type: AWS::IAM::Role
        Properties:
          AssumeRolePolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Principal:
                  Service:
                    - "rds.amazonaws.com"
                Action:
                  - "sts:AssumeRole"
          Path: "/"
          Policies:
            - PolicyName: RDSLambdaCrud
              PolicyDocument:
                Version: "2012-10-17"
                Statement:
                  - Sid: LambdaCrudPolicy
                    Effect: Allow
                    Action:
                      - lambda:InvokeFunction
                    Resource: "*"
      DBInstance:
        Type: AWS::RDS::DBInstance
        Properties:
          DBName: dbname
          Engine: postgres
          MasterUsername: dbuser
          DBInstanceClass: db.t3.micro
          DBInstanceIdentifier: artifacts
          AllocatedStorage: 5
          MasterUserPassword: qwert1234
          AssociatedRoles:
            - FeatureName: InvokeLambda
              RoleArn: !Ref RootRole

Where am I going wrong?
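
An added example, not part of the original post: the role name in the "Invalid Role ARN" error is what `!Ref` returns for an `AWS::IAM::Role`, so this variant passes the ARN with `!GetAtt` instead, scopes the policy to a single function, and takes the password from a parameter. It assumes `TestFunction` and the `DB*` parameters from the first snippet are defined elsewhere in the same template.

```yaml
# Added example, not the poster's template.
# Assumes TestFunction (the Lambda) and the DB* parameters exist in this template.
Resources:
  RootRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - rds.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: RDSLambdaCrud
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Sid: LambdaCrudPolicy
                Effect: Allow
                Action:
                  - lambda:InvokeFunction
                # Scoped to the one function the database calls, instead of "*"
                Resource: !GetAtt TestFunction.Arn
  DBInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      DBName: !Ref DBName
      Engine: postgres
      MasterUsername: !Ref DBUsername
      DBInstanceClass: !Ref DBClass
      DBInstanceIdentifier: artifacts
      AllocatedStorage: !Ref DBAllocatedStorage
      # Supplied through a parameter (declare it with NoEcho: true), not a literal
      MasterUserPassword: !Ref DBPassword
      AssociatedRoles:
        # FeatureName is kept from the post; it must be one of the
        # SupportedFeatureNames that `aws rds describe-db-engine-versions`
        # reports for the engine version in use.
        - FeatureName: InvokeLambda
          # !Ref on an IAM role yields its name; RoleArn needs the full ARN
          RoleArn: !GetAtt RootRole.Arn
```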