Search code examples
amazon-web-servicesaws-lambdaaws-pinpoint

Sending message to AWS Lambda from AWS Pinpoint Custom Channel

I am trying to send messages to my AWS Lambda Function from AWS Pinpoint through custom channel as described here

My problem is about granting permission to AWS Pinpoint to invoke my lambda function. The AWS CLI command provided in the documentation for granting permission is not working. When I execute the aws lambda add-permission command from AWS CLI like described in the documentation, I got the following error:

"no matches found: arn:aws:mobiletargeting:us-east-1:<account-id>:apps/*"

The result doesn't change if I change the ARN to any of the below:

  • arn:aws:mobiletargeting:us-east-1:<account-id>:apps/<pinpoint-app-id>/*
  • arn:aws:mobiletargeting:us-east-1:<account-id>:apps/<pinpoint-app-id>/campaigns/*
  • arn:aws:mobiletargeting:us-east-1:<account-id>:/apps/<pinpoint-app-id>/*
  • arn:aws:mobiletargeting:us-east-1:<account-id>:/apps/<pinpoint-app-id>/campaigns/*

I tried the same with AWS Cloudformation instead of AWS CLI, I succeeded to grant permission to AWS Pinpoint to invoke my lambda function. At least the Resource Based Policy appeared in the "Permissions" tab of my AWS Lambda Function Console. The source ARN like condition is arn:aws:mobiletargeting:us-east-1:<account-id>:apps/<pinpoint-app-id>/*

But, when I try to create a campaign under the same pinpoint application (i.e., project) I got the following error message:

"Amazon Pinpoint couldn’t invoke the Lambda function that you specified for custom delivery. Verify that a function policy is assigned to the function and that Amazon Pinpoint is authorized to invoke the function."

I tried different SourceArn like condition including the followings, but the result is the same:

  • arn:aws:mobiletargeting:us-east-1:<account-id>:apps/<pinpoint-app-id>/*
  • arn:aws:mobiletargeting:us-east-1:<account-id>:apps/<pinpoint-app-id>/campaigns/*
  • arn:aws:mobiletargeting:us-east-1:<account-id>:apps/*
  • arn:aws:mobiletargeting:us-east-1:<account-id>:*
  • arn:aws:mobiletargeting:us-east-1:<account-id>:/apps/*

Couldn't figure out what the problem is. Any idea about what I am missing will be greatly appreciated.

Thanks in advance!

Solution

  • Interesting but the same aws lambda add-permission command that returned no matches found: arn:aws:mobiletargeting:us-east-1:<account-id>:apps/* is working after sudo su.