InvokePermission not automatically added to Lambda when triggered via Cloudwatch Rule

[jnmullen]

Trying wire up an EventRule as an input/trigger to a Lambda function but the permission to allow Cloudwatch to invoke the Lambda is not being added automatically.

e.g. would expect the following to add the permission automatically but doesn't

       const lambdaFunction = new lambda.Lambda(this, 'lambdaFunction', {
            code: new lambda.LambdaS3Code(bucket, 'lambda-cloudwatch-triggered.zip'),
            runtime: lambda.LambdaRuntime.NodeJS810,
            handler: 'index.handler',
            functionName: 'my-cdk-lambda-function'
        });

        const rule = new events.EventRule(this, 'Rule', {
            scheduleExpression: 'cron(0 0 * * ? *)',
        });
        rule.addTarget(lambdaFunction);

Have to add this code in to get the permission added:

        lambdaFunction.addPermission('allowCloudWatchInvocation', {
            principal: new ServicePrincipal('events.amazonaws.com'),
            sourceArn: rule.ruleArn
        });

Output from cdk synth shows this:

    lambdaFunctionInvokedByCloudWatchB3D0554C:
        Type: 'AWS::Lambda::Permission'
        Properties:
            Action: 'lambda:InvokeFunction'
            FunctionName:
                Ref: lambdaFunction940E68AD
            Principal: events.amazonaws.com

@eladb suspected in a gitter chat this was because the sourceArn is missing.

[JoshM1994]

I think this is also an issue for an Iot CfnTopicRule event trigger

The IoT rule is created but does not trigger the lambda. After clicking "edit" on the IoT rule and saving the "changes", the function policy in Lambda is updated which allows the rule to trigger. I guess it's because there is not IoT event in lambda-event-sources