What should the SysOps administrator do to resolve this issue?
Add a permission to the Lambda function so that it can be invoked by the EventBridge (CloudWatch Events) rule.
Change the lifecycle hook action to CONTINUE if the lifecycle hook experiences a failure or timeout.
Configure a retry policy in the EventBridge (CloudWatch Events) rule to retry the Lambda function invocation upon failure.
Update the Lambda function execution role so that it has permission to call the complete-lifecycle-action event.
Explanations:
The Lambda function must have an appropriate permission policy that allows EventBridge to invoke it. Without this permission, the EventBridge rule will not trigger the Lambda function as expected.
Changing the lifecycle hook action to CONTINUE on failure or timeout does not address the issue of Lambda not being invoked by EventBridge. CONTINUE would simply skip the hook without solving the invocation problem.
Configuring a retry policy on the EventBridge rule does not resolve the issue if permissions are missing. Retries will still fail if EventBridge lacks permission to invoke the Lambda function.
The Lambda function execution role needing permission to call the complete-lifecycle-action is unrelated to why EventBridge is failing to invoke the Lambda function initially. The permission issue lies with EventBridge’s ability to invoke Lambda, not with Lambda completing the lifecycle action.
I think the answer is:
Add a permission to the Lambda function so that it can be invoked by the EventBridge (CloudWatch Events) rule.