Scheduled AWS Batch Job with EventBridge Not Working

0

What I am trying to do:

  • Use Eventbridge to schedule an AWS Batch job to run daily.

The problem:

  • I've created a rule in Eventbridge for a working AWS batch job., but it's is not being kicked off at the scheduled time.

The only thing that I can think of that is going wrong is maybe I don't have the correct role type, trust relationship and policy for the rule? Any help provided would be greatly appreciated, thank you!

Role Information

Role use case type: Allows EC2 instances to call aws services on your behalf

Trust Relationships

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "events.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Permissions (related to EventBridge only): AWSBatchServiceEventTargetRole

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "batch:SubmitJob"
            ],
            "Resource": "*"
        }
    ]
}
1 Answer
0

Hi, I have checked one of our functioning EventBridge rules with AWS Batch jobs target. Provided Role has following Trust Relationship:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "events.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

And following permission in the Policy:

{
    "Statement": [
        {
            "Action": [
                "batch:SubmitJob"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:batch:region:account-number:job-definition/our-job-xxxxxxx",
                "arn:aws:batch:region:account-number:job-definition/our-job-xxxxxxx:*",
                "arn:aws:batch:region:account-number:job-queue/our-job-xxxxxxx"
            ]
        }
    ],
    "Version": "2012-10-17"
}

Also check, whether your Cron expression is OK.

answered 2 years ago
  • Thanks a ton for responding, it's very helpful.

    I have mine scheduled to run every 1 minute right using the fixed rate option, so I think we are good on that front.

    Will you confirm the use case you selected for your role and the name of permissions policy you used for your rule? I ask because I had to create an inline policy to give explicit permissions for my job definitions and queue.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions