How do I set up Amazon S3 event notifications to invoke a Lambda function that's in another AWS account?
I want my Amazon Simple Storage Service (Amazon S3) bucket to invoke an AWS Lambda function in another AWS account.
Short description
To have your Amazon S3 bucket invoke a Lambda function in another AWS account, do the following:
2. Create an Amazon S3 event notification that invokes your Lambda function.
Important: The Lambda function must be in the same AWS Region as your S3 bucket. For information on migrating functions, see How do I migrate a Lambda function to another AWS account or Region using the Lambda console?
Resolution
Note: You must have the following information to complete this procedure:
- The Amazon Resource Name (ARN) of your Lambda function
- The ARN of your S3 bucket
- The AWS account ID of the account that is hosting the S3 bucket
Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.
Update your Lambda function's resource-based permissions policy to grant invoke permission to Amazon S3
AWS Management Console
1. Open the Functions page on the Lambda console using the AWS account that your Lambda function is in.
2. Choose the name of the Lambda function that you want to be invoked by Amazon S3.
3. In the Configuration tab, choose Permissions.
4. In the Resource-based policy pane, choose Add permissions.
5. In the Policy statement pane, choose AWS service. The Service dropdown list appears.
6. In the Service dropdown list, choose S3. More text fields appear.
7. For Source account, enter the AWS account ID of the account that's hosting your S3 bucket.
8. For Source ARN, enter your S3 bucket's ARN. Use the following format:
Note: Replace bucket_name with the name of your S3 bucket.
arn:aws:s3:::bucket_name
9. For Action, select lambda:InvokeFunction from the dropdown list.
10. For Statement ID, enter a unique statement ID to differentiate the statement that you're creating within the policy.
11. Choose Save.
For more information, see Using resource-based policies for AWS Lambda.
AWS CLI
Update your Lambda function's resource-based permissions policy to grant invoke permission to Amazon S3 using the add-permission API similar to the following:
aws lambda add-permission \ --function-name LambdaFunction_name \ --action lambda:InvokeFunction \ --principal s3.amazonaws.com \ --source-arn arn:aws:s3:::bucket_name \ --statement-id "unique_statement_ID"
Note: Replace LambdaFunction_name, bucket_name, and unique_statement_ID with your variables.
Create an Amazon S3 event notification that invokes your Lambda function
AWS Management Console
Follow the instructions to activate and configure event notifications using the Amazon S3 console.
AWS CLI
Create an Amazon S3 event notification that invokes your Lambda function using the put-bucket-notification-configuration API similar to the following:
Note: Replace bucket_name with the name of your S3 bucket.
aws s3api put-bucket-notification-configuration \ --bucket bucket_name \ --notification-configuration file://notification.json
Create and save the notification.json file similar to the following:
Note: Replace LambdaFunction_ARN with your Lambda function ARN. Replace the prefix and suffix with your variables for the filter rule.
{ "LambdaFunctionConfigurations": [ { "Id": "my-lambda-function-s3-event-configuration", "LambdaFunctionArn": "LambdaFunction_ARN", "Events": [ "s3:ObjectCreated:*" ], "Filter": { "Key": { "FilterRules": [ { "Name": "prefix"|"suffix", "Value": "string" } ] } } } ] }
Testing the Lambda function
Follow the instructions to test the Lambda function using the Lambda console.
If your function isn't invoked by the event notification, then follow the instructions in Why doesn't my Amazon S3 event notification invoke my Lambda function?
Related information
How do I allow my Lambda execution role to access my Amazon S3 bucket?
Contenido relevante
- OFICIAL DE AWSActualizada hace 2 meses
- OFICIAL DE AWSActualizada hace 2 meses
- OFICIAL DE AWSActualizada hace 6 meses