Found a nasty but usable way to get the current account id (for building ARNs) and stack name (for requesting stack outputs / finding resources / logging)
accountId = context.invokedFunctionArn.match(/\d{3,}/)[0];
var stack = context.invokedFunctionArn.match(/:function:(.*)-.*-.*/)[1];
Cloudformation refuses to set up an EventSourceMapping, but it works in the UI,
because under the hood the UI creates a push based setup, which can be re-created via
Cloudformation.
{
"Resources": {
"SNSTopic": {
"Type": "AWS::SNS::Topic",
"Properties": {
"Subscription": [
{
"Endpoint": {
"Fn::GetAtt": [
"Function",
"Arn"
]
},
"Protocol": "lambda"
}
]
}
},
"Function": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Handler": "index.handler",
"Role": {
"Fn::GetAtt": [
"LambdaExecutionRole",
"Arn"
]
},
"Code": {
"ZipFile": {
"Fn::Join": [
"",
[
"exports.handler = function(event, context) {",
"context.done(null,event)",
"};"
]
]
}
},
"Runtime": "nodejs",
"Timeout": "25"
}
},
"LambdaInvokePermission": {
"Type": "AWS::Lambda::Permission",
"Properties": {
"FunctionName": {
"Fn::GetAtt": [
"Function",
"Arn"
]
},
"Action": "lambda:InvokeFunction",
"Principal": "sns.amazonaws.com",
"SourceArn": {
"Ref": "SNSTopic"
}
}
}
},
"LambdaExecutionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
},
"Policies": [
{
"PolicyName": "root",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:*"
],
"Resource": "arn:aws:logs:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"sns:Subscribe"
],
"Resource": [
"*"
]
}
]
}
}
]
}
}
}
Lambdas can only have static code (see code upload via cloudformation), so passing in DynamoDB table names/SNS topic ARNs etc is not possible. But there is a neat workaround:
Make the lambda read the stacks output.
# my-stack.json
"Outputs": {
"World": {
"Value": {
"Ref": "MySnsTopic"
}
},
....
}
var AWS = require('aws-sdk');
var stack = context.invokedFunctionArn.match(/:function:(.*)-.*-.*/)[1];
exports.handler = function(event, context) {
var cf = new AWS.CloudFormation();
cf.describeStacks({"StackName": stack}, function(err, data){
if (err) context.done(err, 'Error!');
else {
var config = {}
data.Stacks[0].Outputs.map(function(out){ config[out.OutputKey] = out.OutputValue });
context.succeed('hello ' + config.World)
}
})
};
# output "hello arn:aws:sns:ap-northeast-1:8132302344234:my-stack-MySnSTopic-211Z1K3GAGK9"
Michael Grosser, the Blog 