(@aws-cdk/aws-iot): New Rule does not call Action

When I add a new IoT Rule+Action through CDK, the Action is not used until I make changes through the Console.

Reproduction Steps

  1. Make a Lambda, for example:

    exports.handler = async (event) => {
      console.log("testlambda", event);
    };

  2. Create an IoT rule + Action (Important: Create a new rule with a new name):

    new CfnTopicRule(stack, "testAJKL1243242Topic",
        new CfnTopicRuleProps
        {
            RuleName = "testAJKL1243242Topic",
            TopicRulePayload = new CfnTopicRule.TopicRulePayloadProperty
            {
                Actions = new object[]
                {
                    new CfnTopicRule.ActionProperty
                    {
                        Lambda = new CfnTopicRule.LambdaActionProperty { FunctionArn = "arn:aws:lambda:eu-west-1:accountid:function:testlambda" }
                    }
                },
                Sql = "SELECT * FROM \"test\"",
                RuleDisabled = false,
                AwsIotSqlVersion = "2016-03-23",
            }
        });

  3. Open the Console and publish a message to the “test” topic
  4. Check the CloudWatch output of the Lambda --> Lambda is not called

As a workaround, you can make it work by adding an “Error action” through the Console and removing it again:

  5. Go to the Console, and add a CloudWatch log action to the “Error action”
  6. Remove the CloudWatch log action
  7. Repeat step 3 and 4, now you will see output in step 4.

What did you expect to happen?

I expect the Lambda to be called.

What actually happened?



  • CDK CLI Version : 1.86.0 (build a10cfcf)
  • Framework Version: (which framework?)
  • Node.js Version: v14.15.3
  • OS : Windows 10
  • Language (Version): C# .NET 3.1, referenced CDK 1.86.0 Nuget packages


Region: eu-west-1. Using the CDK since version 1.73.0, and I think it was already an issue in that version, at least it is not new in 1.86.0.

This is 🐛 Bug Report

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 11 (3 by maintainers)

Top GitHub Comments

olivierpichon commented, Sep 2, 2021

Found the reason for this issue: you need to set up a CfnPermission for the lambda function to be invoked. It can be defined this way:

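    new CfnPermission(this, "InvokeLambdaToTimeScalePermission", {
      action: "lambda:InvokeFunction",
      functionName: fn.functionArn,
      // Service principal that AWS IoT uses to invoke the function
      principal: "iot.amazonaws.com",
      // Restrict the grant to this one topic rule
      sourceArn: rule.attrArn,
    });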

Because it fails silently without this permission, and it is quite impossible for someone to tell what’s missing, I would suggest that CDK automatically creates this resource (as its main goal and philosophy is to come with sensible defaults).
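
As an added example (not code from the issue or from the CDK project), the script below audits a synthesized CloudFormation template for the condition described in the comment above: an IoT topic rule with a Lambda action but no `AWS::Lambda::Permission` for `iot.amazonaws.com` scoped to that rule. The function name, finding labels and sample templates are constructed for illustration, and it assumes the function and rule are referenced through `Fn::GetAtt`, as CDK synthesizes `fn.functionArn` and `rule.attrArn`.

```javascript
// Added example: audit a synthesized template for the silent failure in this thread.
const IOT_PRINCIPAL = "iot.amazonaws.com";
const same = (a, b) => JSON.stringify(a) === JSON.stringify(b);

function auditIotLambdaPermissions(template) {
  const resources = Object.entries(template.Resources || {});
  // Grants that let the AWS IoT service principal invoke a function.
  const grants = resources
    .filter(([, r]) => r.Type === "AWS::Lambda::Permission")
    .map(([, r]) => r.Properties || {})
    .filter((p) => p.Principal === IOT_PRINCIPAL && p.Action === "lambda:InvokeFunction");
  const findings = [];
  for (const [ruleId, r] of resources) {
    if (r.Type !== "AWS::IoT::TopicRule") continue;
    // Assumption: the rule ARN is referenced the way rule.attrArn synthesizes.
    const ruleArn = { "Fn::GetAtt": [ruleId, "Arn"] };
    const actions = ((r.Properties || {}).TopicRulePayload || {}).Actions || [];
    for (const action of actions) {
      if (!action.Lambda) continue;
      const forFn = grants.filter((p) => same(p.FunctionName, action.Lambda.FunctionArn));
      if (forFn.some((p) => same(p.SourceArn, ruleArn))) continue; // scoped grant exists
      // A grant without SourceArn makes the rule work, but is not limited to it.
      const unscoped = forFn.some((p) => p.SourceArn === undefined);
      findings.push({ rule: ruleId, issue: unscoped ? "UNSCOPED_PERMISSION" : "MISSING_PERMISSION" });
    }
  }
  return findings;
}

// Constructed sample templates (not taken from the issue).
const fnArn = { "Fn::GetAtt": ["TestLambda", "Arn"] };
const rule = {
  Type: "AWS::IoT::TopicRule",
  Properties: {
    TopicRulePayload: { Sql: 'SELECT * FROM "test"', Actions: [{ Lambda: { FunctionArn: fnArn } }] },
  },
};
const permission = (extra) => ({
  Type: "AWS::Lambda::Permission",
  Properties: { Action: "lambda:InvokeFunction", FunctionName: fnArn, Principal: IOT_PRINCIPAL, ...extra },
});
const asReported = { Resources: { TestRule: rule } };
const unscopedGrant = { Resources: { TestRule: rule, Perm: permission({}) } };
const fixed = {
  Resources: { TestRule: rule, Perm: permission({ SourceArn: { "Fn::GetAtt": ["TestRule", "Arn"] } }) },
};
for (const [name, t] of Object.entries({ asReported, unscopedGrant, fixed })) {
  console.log(name, JSON.stringify(auditIotLambdaPermissions(t)));
}
```

Run against the JSON produced by `cdk synth`, a non-empty result flags rules that would deploy cleanly yet never reach their Lambda, as well as grants that are broader than the single rule.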

olivierpichon commented, Aug 27, 2021

Can confirm it is a CloudFormation bug
