EventBridge failing to invoke API Destination with NO_PERMISSIONS error

Question

Hi,

I created an EventBridge rule that is triggered on a cron schedule and invokes an API destination. When the rule fires, I am seeing an error message in the DLQ that has the following details:

ERROR_CODE | String | NO_PERMISSIONS

ERROR_MESSAGE | String | Unable to invoke ApiDestination endpoint: Internal Failure

I assume it's IAM related, however the IAM role was auto-generated when the rule was created.

I am unsure of what I need to add/update in order to mitigate the error.

For reference, a similar question was asked here: https://forums.aws.amazon.com/thread.jspa?threadID=340331

I'm happy to provide more details as necessary.

Thanks.

Answer

Hey sorry if you've looked elsewhere. But I believe the answer is that you need a policy attached to your Rule that allows it to invoke your Destination.

Your role should have a policy that has a stanza like this:

```
                {
                  "Effect": "Allow",
                  "Action": [
                    "events:InvokeApiDestination"
                  ],
                  "Resource": [
                    "arn:of:your:destination"
                  ]
                }
```

I got the answer from this [cloudformation/serverless example](https://github.com/serverlesspolska/eventbridge-api-destinations-mailchimp/blob/main/serverless.yml#L163-L185).

Hope it helps.

Answer

I assume you have your Connection authorized, if not, then you should fix the token acquisition first

If you have WAF Rule configured, this gets your requests blocked. If so you would need to adjust them to allow the access.

EventBridge failing to invoke API Destination with NO_PERMISSIONS error

相關內容