Amplify-cli: `amplify function add` > `amplify push` results in Error: `AWS::Events::Rule`

Created on 9 Jun 2020 · 4Comments · Source: aws-amplify/amplify-cli

Describe the bug
After a few attempts adding a scheduled lambda execution using the amplify function add workflow, I am unable to deploy and get this error:

Following resources failed

Resource Name: CloudWatchEvent (AWS::Events::Rule)
Event Type: create
Reason: User: arn:aws:iam::538069693173:user/amp-granicus is not authorized to perform: events:PutRule on resource: arn:aws:events:us-east-1:538069693173:rule/amplify-granicus-env-93734-functio-CloudWatchEvent-EW7XJ0ZGH4H4 (Service: AmazonCloudWatchEvents; Status Code: 400; Error Code: AccessDeniedException; Request ID: d7e081df-2d94-4d6e-bd0f-ed9c83615257)


Resource Name: lambdaexecutionpolicy (AWS::IAM::Policy)
Event Type: create
Reason: Resource creation cancelled


× An error occurred when pushing the resources to the cloud

Resource is not in the state stackUpdateComplete
An error occured during the push operation: Resource is not in the state stackUpdateComplete

Amplify CLI Version
4.18.0

To Reproduce

λ amplify function add
Using service: Lambda, provided by: awscloudformation
? Provide a friendly name for your resource to be used as a label for this category in the project: doTheThing
? Provide the AWS Lambda function name: doTheThing
? Choose the function runtime that you want to use: NodeJS
? Choose the function template that you want to use: Hello World
? Do you want to access other resources created in this project from your Lambda function? No
? Do you want to invoke this function on a recurring schedule? Yes
? At which interval should the function be invoked: Daily
? Select the start time (use arrow keys): 10:00 PM
? Do you want to edit the local lambda function now? No
Successfully added resource doTheThing locally.

then...

amplify push

full stack trace:

λ amplify push
√ Successfully pulled backend environment env from the cloud.

Current Environment: env

| Category | Resource name | Operation | Provider plugin   |
| -------- | ------------- | --------- | ----------------- |
| Function | doTheThing    | Create    | awscloudformation |
| Api      | granicus      | No Change | awscloudformation |
? Are you sure you want to continue? Yes
- Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS amplify-granicus-env-93734 AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:40 GMT-0400 (Eastern Daylight Time) User Initiated
\ Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS functiondoTheThing AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:47 GMT-0400 (Eastern Daylight Time)

UPDATE_IN_PROGRESS apigranicus        AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:47 GMT-0400 (Eastern Daylight Time)

CREATE_IN_PROGRESS functiondoTheThing AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:48 GMT-0400 (Eastern Daylight Time) Resource creation Initiated
| Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS amplify-granicus-env-93734-functiondoTheThing-ISJ73SVVB6LO AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:48 GMT-0400 (Eastern Daylight Time) User Initiated
- Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS amplify-granicus-env-93734-apigranicus-JPHJ1JK8Q7V5 AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:48 GMT-0400 (Eastern Daylight Time) User Initiated
/ Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS LambdaExecutionRole AWS::IAM::Role Tue Jun 09 2020 12:07:53 GMT-0400 (Eastern Daylight Time)

CREATE_IN_PROGRESS LambdaExecutionRole AWS::IAM::Role Tue Jun 09 2020 12:07:54 GMT-0400 (Eastern Daylight Time) Resource creation Initiated
/ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE    BulletinTopic AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:59 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS Sender        AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:57 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE    Campaign      AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:59 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE    SubsSummary   AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:00 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE    Topic         AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:59 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS SubsSummary   AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:59 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS BulletinTopic AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:58 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS Bulletin      AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:00 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE    Sender        AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:58 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS Campaign      AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:58 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS Topic         AWS::CloudFormation::Stack Tue Jun 09 2020 12:07:58 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS Accumulator   AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:00 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE    Bulletin      AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:01 GMT-0400 (Eastern Daylight Time)
| Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE Accumulator AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:01 GMT-0400 (Eastern Daylight Time)
- Updating resources in the cloud. This may take a few minutes...

CREATE_COMPLETE LambdaExecutionRole AWS::IAM::Role Tue Jun 09 2020 12:08:08 GMT-0400 (Eastern Daylight Time)
\ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS ConnectionStack AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:10 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE    ConnectionStack AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:10 GMT-0400 (Eastern Daylight Time)
/ Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS LambdaFunction        AWS::Lambda::Function Tue Jun 09 2020 12:08:11 GMT-0400 (Eastern Daylight Time)

CREATE_IN_PROGRESS LambdaFunction        AWS::Lambda::Function Tue Jun 09 2020 12:08:12 GMT-0400 (Eastern Daylight Time) Resource creation Initiated
CREATE_COMPLETE    LambdaFunction        AWS::Lambda::Function Tue Jun 09 2020 12:08:13 GMT-0400 (Eastern Daylight Time)

CREATE_IN_PROGRESS lambdaexecutionpolicy AWS::IAM::Policy      Tue Jun 09 2020 12:08:16 GMT-0400 (Eastern Daylight Time)

CREATE_IN_PROGRESS CloudWatchEvent       AWS::Events::Rule     Tue Jun 09 2020 12:08:16 GMT-0400 (Eastern Daylight Time)

| Updating resources in the cloud. This may take a few minutes...

CREATE_FAILED      CloudWatchEvent       AWS::Events::Rule Tue Jun 09 2020 12:08:16 GMT-0400 (Eastern Daylight Time) User: arn:aws:iam::538069693173:user/amp-granicus is not authorized to perform: events:PutRule on resource: arn:aws:events:us-east-1:538069693173:rule/amplify-granicus-env-93734-functio-CloudWatchEvent-EW7XJ0ZGH4H4 (Service: AmazonCloudWatchEvents; Status Code: 400; Error Code: AccessDeniedException; Request ID: d7e081df-2d94-4d6e-bd0f-ed9c83615257)
CREATE_IN_PROGRESS lambdaexecutionpolicy AWS::IAM::Policy  Tue Jun 09 2020 12:08:16 GMT-0400 (Eastern Daylight Time) Failed to check if policy already exists due to lack of getRolePolicy permission, you might be overriding or adopting an existing policy on this Role



- Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS CustomResourcesjson AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:16 GMT-0400 (Eastern Daylight Time)
- Updating resources in the cloud. This may take a few minutes...

CREATE_FAILED lambdaexecutionpolicy
    AWS::IAM::Policy           Tue Jun 09 2020 12:08:16 GMT-0400 (Eastern Daylight Time) Resource creation cancelled

CREATE_FAILED amplify-granicus-env-93734-functiondoTheThing-ISJ73SVVB6LO AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:17 GMT-0400 (Eastern Daylight Time) The following resource(s) failed to create: [lambdaexecutionpolicy, CloudWatchEvent].
/ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE CustomResourcesjson AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:17 GMT-0400 (Eastern Daylight Time)
\ Updating resources in the cloud. This may take a few minutes...

CREATE_FAILED               functiondoTheThing         AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:22 GMT-0400 (Eastern Daylight Time) Embedded stack arn:aws:cloudformation:us-east-1:538069693173:stack/amplify-granicus-env-93734-functiondoTheThing-ISJ73SVVB6LO/5c613b00-aa6b-11ea-9d98-1246411399d1 was not successfully created: The following resource(s) failed to create: [lambdaexecutionpolicy, CloudWatchEvent].
UPDATE_FAILED               apigranicus                AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:23 GMT-0400 (Eastern Daylight Time) Resource update cancelled




UPDATE_ROLLBACK_IN_PROGRESS amplify-granicus-env-93734 AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:24 GMT-0400 (Eastern Daylight Time) The following resource(s) failed to create: [functiondoTheThing]. The following resource(s) failed to update: [apigranicus].



- Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE_CLEANUP_IN_PROGRESS amplify-granicus-env-93734-apigranicus-JPHJ1JK8Q7V5 AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:23 GMT-0400 (Eastern Daylight Time)
- Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS apigranicus AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:44 GMT-0400 (Eastern Daylight Time)
| Updating resources in the cloud. This may take a few minutes...

UPDATE_ROLLBACK_IN_PROGRESS amplify-granicus-env-93734-apigranicus-JPHJ1JK8Q7V5 AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:45 GMT-0400 (Eastern Daylight Time) User Initiated
- Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS Campaign      AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS Sender        AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS Topic         AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS Accumulator   AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS SubsSummary   AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS BulletinTopic AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS Bulletin      AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
- Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE Topic         AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE Sender        AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE Campaign      AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE SubsSummary   AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE BulletinTopic AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE Accumulator   AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE Bulletin      AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:51 GMT-0400 (Eastern Daylight Time)
| Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS                           ConnectionStack
                            AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:52 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE                              ConnectionStack
                            AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:53 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS                           CustomResourcesjson
                            AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:54 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE                              CustomResourcesjson
                            AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:54 GMT-0400 (Eastern Daylight Time)
UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS amplify-granicus-env-93734-apigranicus-JPHJ1JK8Q7V5 AWS::CloudFormation::Stack Tue Jun 09 2020 12:08:55 GMT-0400 (Eastern Daylight Time)
/ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE                              apigranicus
   AWS::CloudFormation::Stack Tue Jun 09 2020 12:09:07 GMT-0400 (Eastern Daylight Time)
UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS amplify-granicus-env-93734 AWS::CloudFormation::Stack Tue Jun 09 2020 12:09:07 GMT-0400 (Eastern Daylight Time)
DELETE_IN_PROGRESS                           functiondoTheThing
   AWS::CloudFormation::Stack Tue Jun 09 2020 12:09:09 GMT-0400 (Eastern Daylight Time)
- Updating resources in the cloud. This may take a few minutes...

DELETE_IN_PROGRESS amplify-granicus-env-93734-functiondoTheThing-ISJ73SVVB6LO AWS::CloudFormation::Stack Tue Jun 09 2020 12:09:09 GMT-0400 (Eastern Daylight Time) User Initiated
| Updating resources in the cloud. This may take a few minutes...

DELETE_COMPLETE    CloudWatchEvent       AWS::Events::Rule     Tue Jun 09 2020 12:09:12 GMT-0400 (Eastern Daylight Time)
DELETE_COMPLETE    lambdaexecutionpolicy AWS::IAM::Policy      Tue Jun 09 2020 12:09:13 GMT-0400 (Eastern Daylight Time)
DELETE_IN_PROGRESS LambdaFunction        AWS::Lambda::Function Tue Jun 09 2020 12:09:14 GMT-0400 (Eastern Daylight Time)
DELETE_COMPLETE    LambdaFunction        AWS::Lambda::Function Tue Jun 09 2020 12:09:14 GMT-0400 (Eastern Daylight Time)
DELETE_IN_PROGRESS LambdaExecutionRole   AWS::IAM::Role        Tue Jun 09 2020 12:09:16 GMT-0400 (Eastern Daylight Time)
/ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE          apigranicus                AWS::CloudFormation::Stack Tue Jun 09 2020 12:09:20 GMT-0400 (Eastern Daylight Time)
DELETE_COMPLETE          functiondoTheThing         AWS::CloudFormation::Stack Tue Jun 09 2020 12:09:20 GMT-0400 (Eastern Daylight Time)
UPDATE_ROLLBACK_COMPLETE amplify-granicus-env-93734 AWS::CloudFormation::Stack Tue Jun 09 2020 12:09:21 GMT-0400 (Eastern Daylight Time)
| Updating resources in the cloud. This may take a few minutes...

DELETE_COMPLETE LambdaExecutionRole
      AWS::IAM::Role             Tue Jun 09 2020 12:09:17 GMT-0400 (Eastern Daylight Time)
DELETE_COMPLETE amplify-granicus-env-93734-functiondoTheThing-ISJ73SVVB6LO AWS::CloudFormation::Stack Tue Jun 09 2020 12:09:19 GMT-0400 (Eastern Daylight Time)
\ Updating resources in the cloud. This may take a few minutes...Error updating cloudformation stack
- Updating resources in the cloud. This may take a few minutes...

Following resources failed

Resource Name: CloudWatchEvent (AWS::Events::Rule)
Event Type: create
Reason: User: arn:aws:iam::538069693173:user/amp-granicus is not authorized to perform: events:PutRule on resource: arn:aws:events:us-east-1:538069693173:rule/amplify-granicus-env-93734-functio-CloudWatchEvent-EW7XJ0ZGH4H4 (Service: AmazonCloudWatchEvents; Status Code: 400; Error Code: AccessDeniedException; Request ID: d7e081df-2d94-4d6e-bd0f-ed9c83615257)


Resource Name: lambdaexecutionpolicy (AWS::IAM::Policy)
Event Type: create
Reason: Resource creation cancelled


× An error occurred when pushing the resources to the cloud

Resource is not in the state stackUpdateComplete
An error occured during the push operation: Resource is not in the state stackUpdateComplete

Expected behavior
Hoped following the guide would be smooth sailing (as has the rest of my experience with the framework!). Some resources I followed:

Desktop (please complete the following information):

OS: Windows 10
Node Version: 10.16.2

functions question

Source

loganpowell

All 4 comments

@loganpowell based on this line from the log above

CREATE_FAILED      CloudWatchEvent       AWS::Events::Rule Tue Jun 09 2020 12:08:16 GMT-0400 (Eastern Daylight Time) User: arn:aws:iam::538069693173:user/amp-granicus is not authorized to perform: events:PutRule on resource: arn:aws:events:us-east-1:538069693173:rule/amplify-granicus-env-93734-functio-CloudWatchEvent-EW7XJ0ZGH4H4 (Service: AmazonCloudWatchEvents; Status Code: 400; Error Code: AccessDeniedException; Request ID: d7e081df-2d94-4d6e-bd0f-ed9c8361525)

It looks like the IAM user you are performing the push with does not have access to add the CloudWatch event rule. Can you add that permission to the IAM user and try again?

edwardfoyle on 9 Jun 2020

Hi @edwardfoyle! Thank you for following up... I'm a bit of a newb when it comes to those rules... is it called CloudWatch?

Here's what I have so far:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "appsync:*",
        "apigateway:POST",
        "apigateway:DELETE",
        "apigateway:PATCH",
        "apigateway:PUT",
        "cloudformation:CreateStack",
        "cloudformation:CreateStackSet",
        "cloudformation:DeleteStack",
        "cloudformation:DeleteStackSet",
        "cloudformation:DescribeStackEvents",
        "cloudformation:DescribeStackResource",
        "cloudformation:DescribeStackResources",
        "cloudformation:DescribeStackSet",
        "cloudformation:DescribeStackSetOperation",
        "cloudformation:DescribeStacks",
        "cloudformation:UpdateStack",
        "cloudformation:UpdateStackSet",
        "cloudfront:CreateCloudFrontOriginAccessIdentity",
        "cloudfront:CreateDistribution",
        "cloudfront:DeleteCloudFrontOriginAccessIdentity",
        "cloudfront:DeleteDistribution",
        "cloudfront:GetCloudFrontOriginAccessIdentity",
        "cloudfront:GetCloudFrontOriginAccessIdentityConfig",
        "cloudfront:GetDistribution",
        "cloudfront:GetDistributionConfig",
        "cloudfront:TagResource",
        "cloudfront:UntagResource",
        "cloudfront:UpdateCloudFrontOriginAccessIdentity",
        "cloudfront:UpdateDistribution",
        "cognito-identity:CreateIdentityPool",
        "cognito-identity:DeleteIdentityPool",
        "cognito-identity:DescribeIdentity",
        "cognito-identity:DescribeIdentityPool",
        "cognito-identity:SetIdentityPoolRoles",
        "cognito-identity:UpdateIdentityPool",
        "cognito-idp:CreateUserPool",
        "cognito-idp:CreateUserPoolClient",
        "cognito-idp:DeleteUserPool",
        "cognito-idp:DeleteUserPoolClient",
        "cognito-idp:DescribeUserPool",
        "cognito-idp:UpdateUserPool",
        "cognito-idp:UpdateUserPoolClient",
        "dynamodb:CreateTable",
        "dynamodb:DeleteItem",
        "dynamodb:DeleteTable",
        "dynamodb:DescribeTable",
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:UpdateTable",
        "iam:CreateRole",
        "iam:DeleteRole",
        "iam:DeleteRolePolicy",
        "iam:GetRole",
        "iam:GetUser",
        "iam:PassRole",
        "iam:PutRolePolicy",
        "iam:UpdateRole",
        "lambda:AddPermission",
        "lambda:CreateFunction",
        "lambda:DeleteFunction",
        "lambda:GetFunction",
        "lambda:GetFunctionConfiguration",
        "lambda:InvokeAsync",
        "lambda:InvokeFunction",
        "lambda:RemovePermission",
        "lambda:UpdateFunctionCode",
        "lambda:UpdateFunctionConfiguration",
        "s3:*",
        "amplify:*"
      ],
      "Resource": "*"
    }
  ]
}

loganpowell on 9 Jun 2020

@loganpowell The action is "events:PutRule"

edwardfoyle on 9 Jun 2020

❤1

Alrighty... I think we're go!

here's how it ended up needing to be configured after a few rounds of trial and error:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "appsync:*",
        "apigateway:POST",
        "apigateway:DELETE",
        "apigateway:PATCH",
        "apigateway:PUT",
        "cloudformation:CreateStack",
        "cloudformation:CreateStackSet",
        "cloudformation:DeleteStack",
        "cloudformation:DeleteStackSet",
        "cloudformation:DescribeStackEvents",
        "cloudformation:DescribeStackResource",
        "cloudformation:DescribeStackResources",
        "cloudformation:DescribeStackSet",
        "cloudformation:DescribeStackSetOperation",
        "cloudformation:DescribeStacks",
        "cloudformation:UpdateStack",
        "cloudformation:UpdateStackSet",
        "cloudfront:CreateCloudFrontOriginAccessIdentity",
        "cloudfront:CreateDistribution",
        "cloudfront:DeleteCloudFrontOriginAccessIdentity",
        "cloudfront:DeleteDistribution",
        "cloudfront:GetCloudFrontOriginAccessIdentity",
        "cloudfront:GetCloudFrontOriginAccessIdentityConfig",
        "cloudfront:GetDistribution",
        "cloudfront:GetDistributionConfig",
        "cloudfront:TagResource",
        "cloudfront:UntagResource",
        "cloudfront:UpdateCloudFrontOriginAccessIdentity",
        "cloudfront:UpdateDistribution",
        "cognito-identity:CreateIdentityPool",
        "cognito-identity:DeleteIdentityPool",
        "cognito-identity:DescribeIdentity",
        "cognito-identity:DescribeIdentityPool",
        "cognito-identity:SetIdentityPoolRoles",
        "cognito-identity:UpdateIdentityPool",
        "cognito-idp:CreateUserPool",
        "cognito-idp:CreateUserPoolClient",
        "cognito-idp:DeleteUserPool",
        "cognito-idp:DeleteUserPoolClient",
        "cognito-idp:DescribeUserPool",
        "cognito-idp:UpdateUserPool",
        "cognito-idp:UpdateUserPoolClient",
        "dynamodb:CreateTable",
        "dynamodb:DeleteItem",
        "dynamodb:DeleteTable",
        "dynamodb:DescribeTable",
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:UpdateTable",
        "iam:CreateRole",
        "iam:DeleteRole",
        "iam:DeleteRolePolicy",
        "iam:GetRole",
        "iam:GetUser",
        "iam:PassRole",
        "iam:PutRolePolicy",
        "iam:UpdateRole",
        "lambda:AddPermission",
        "lambda:CreateFunction",
        "lambda:DeleteFunction",
        "lambda:GetFunction",
        "lambda:GetFunctionConfiguration",
        "lambda:InvokeAsync",
        "lambda:InvokeFunction",
        "lambda:RemovePermission",
        "lambda:UpdateFunctionCode",
        "lambda:UpdateFunctionConfiguration",
        "s3:*",
        "amplify:*",
+       "events:PutRule",
+       "events:DescribeRule",
+       "events:DeleteRule",
+       "events:PutTargets",
+       "events:RemoveTargets",
       ],
      "Resource": "*"
    }
  ]
}

and the result:

√ All resources are updated in the cloud

loganpowell on 9 Jun 2020

👍1

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Invoking a lambda from another Lambda

ReidWeb · 3Comments

Use existing resources

adriatikgashi · 3Comments

Make export name of the stack's output reachable

kstro21 · 3Comments

Error Installing

nicksmithr · 3Comments

Unique Key Resolver

amlcodes · 3Comments