Lambda: missing trigger and role

Open gvasquez95 opened this issue 5 years ago • 5 comments

I've just tried to generate CloudFormation and Terraform templates for an SQS/Lambda integration, and I did have to select both components separately, as Former2 didn't identify them as related resources (missing SQS trigger for Lambda function), and the IAM role for the Lambda wasn't generated either.

gvasquez95 avatar Nov 27 '20 01:11 gvasquez95

Hey @gvasquez95,

Almost all entities/rows within Former2 are limited to the single CloudFormation resource, so you're likely missing some resources.

Check out "Permissions" and "Event Source Mappings" under the Lambda section and "Roles" under the IAM section for these linking resources.

If you enable the "Related Resources" setting, you may also get some recommendations for related resources as a popup/modal, however this is not guaranteed to find all relationships.

Let me know if that helps.

iann0036 avatar Nov 27 '20 06:11 iann0036
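A way to check an exported template for the gap described in this exchange, as an added example that is not Former2's code or anything posted by the participants. It assumes the template is CloudFormation JSON loaded as a dict and that an unselected role or queue appears as a hard-coded ARN string; `LINKS`, `unlinked`, `PARTIAL` and the ARNs are hypothetical or constructed.

```python
# Added example: flag Lambda links that are not resolved inside a template.
# Assumption: unselected resources show up as hard-coded ARN strings.
LINKS = {  # property -> resource type it should reference (SQS case from this thread)
    "AWS::Lambda::Function": {"Role": "AWS::IAM::Role"},
    "AWS::Lambda::EventSourceMapping": {
        "EventSourceArn": "AWS::SQS::Queue",
        "FunctionName": "AWS::Lambda::Function",
    },
}

def target_of(value):
    """Logical ID that a Ref / Fn::GetAtt points at, or None otherwise."""
    if isinstance(value, dict):
        if "Ref" in value:
            return value["Ref"]
        att = value.get("Fn::GetAtt")
        if att:
            return att.split(".")[0] if isinstance(att, str) else att[0]
    return None

def unlinked(template):
    """Return (logical_id, property, reason) for each unresolved link."""
    resources = template.get("Resources", {})
    findings = []
    for logical_id, res in resources.items():
        for prop, want in LINKS.get(res.get("Type"), {}).items():
            value = res.get("Properties", {}).get(prop)
            target = target_of(value)
            if value is None:
                findings.append((logical_id, prop, "missing"))
            elif target is None:
                findings.append((logical_id, prop, "hard-coded"))
            elif resources.get(target, {}).get("Type") != want:
                findings.append((logical_id, prop, "wrong or absent target"))
    return findings

# Constructed sample: only the function and its event source mapping were selected.
PARTIAL = {"Resources": {
    "Fn": {"Type": "AWS::Lambda::Function", "Properties": {
        "Role": "arn:aws:iam::111122223333:role/example-role"}},
    "Trigger": {"Type": "AWS::Lambda::EventSourceMapping", "Properties": {
        "FunctionName": {"Ref": "Fn"},
        "EventSourceArn": "arn:aws:sqs:us-east-1:111122223333:example-queue"}},
}}

if __name__ == "__main__":
    for finding in unlinked(PARTIAL):
        print(*finding)
```

A "hard-coded" finding on `Role` means the function's execution role and its policies are not captured by the template, so they stay outside whatever review the template itself gets.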

Thanks Ian for such a totally unexpected, quick answer. Now I did find the SQS trigger as an Event Source Mapping resource, but I still do see some odd behavior here:

  • The Trigger is detected, but it didn't suggest as a related item the SQS queue, so I have to manually add the queue to the resources list to be generated.
  • Even when adding the queue, the Lambda, and the event source mapping, no connecting arrow appears in the generated diagram
  • The role of the Lambda doesn't appear in the list to be selected. Only 84 items appear in the Permissions list, out of 104 Lambda functions

gvasquez95 avatar Nov 27 '20 14:11 gvasquez95

Hey @gvasquez95,

Thanks for your response. Answers inline.

> The Trigger is detected, but it didn't suggest as a related item the SQS queue, so I have to manually add the queue to the resources list to be generated.

Some resources have a hard time being suggested due to the way they are cross-referenced. It'll try its best, but sometimes there are gaps.

> Even when adding the queue, the lambda, and the event source mapping, no connecting arrow appears in the generated diagram

The diagram is very...err, "beta". I'm still considering whether to lay out all resources or only primary ones, and working on ways of laying out the diagram so lines don't overlap and make sense.

> The role of the lambda doesn't appear in the list for being select. Only 84 items appear in the Permissions list, out of 104 lambda functions

This one is unusual. When the "Related Resources" option is enabled, I get a recommendation for the linked role of a Lambda function when adding it. Could you confirm that the role does exist within your account and is accessible with the permissions you used during setup?

iann0036 avatar Nov 28 '20 00:11 iann0036

Ian, both first items understood.

Regarding the not found Lambda's role: I created a specific IAM user for Former2, and I assigned to it a single AWS managed policy: ReadOnlyAccess, which grants read-only access on all resources, so I guess it should be good enough. You could try the same on your side too, as it had no custom policies.

gvasquez95 avatar Nov 28 '20 01:11 gvasquez95

Thanks @gvasquez95,

Could you try the same action with escalated privileges to see if the role can be found then? Also, could you check your console for errors? (View -> Developer -> JavaScript Console on Chrome)

iann0036 avatar Nov 28 '20 01:11 iann0036