How do I see who invoked my Lambda function?

I want to know information about the user that invoked my AWS Lambda function, such as their userIdentity, sourceIPAddress, or userAgent details.

Resolution

To view information about the user that invoked your Lambda function, you must turn on data events logging in AWS CloudTrail. By default, CloudTrail doesn't log Lambda Invoke API calls, and the CloudTrail Event history doesn't record them.

For information about pricing for data events in CloudTrail, see AWS CloudTrail pricing.

To turn on data events logging, create a new trail or update an existing trail, and then configure the Data events setting. Under Data Event type, for Source, choose Lambda and for Log selector template, choose Log all events.

The following example log record shows the details of an Invoke API call:

{
  "eventVersion": "1.06",
  "userIdentity": {
    "type": "IAMUser",
    "principalId": "AIDAIOR74VCJ2M3NB8U4M",
    "arn": "arn:aws:iam::999999999999:user/kyle",
    "accountId": "999999999999",
    "accessKeyId": "AK2IU7DKE7U2KOI8CCBP",
    "userName": "kyle"
  },
  "eventTime": "2017-11-29T08:47:45Z",
  "eventSource": "lambda.amazonaws.com",
  "eventName": "Invoke",
  "awsRegion": "us-west-2",
  "sourceIPAddress": "192.168.0.1",
  "userAgent": "aws-cli/1.11.129 Python/2.7.8 Linux/3.1.56-0.6.839hdh3.x86_64 botocore/1.5.92",
  "requestParameters": {
    "invocationType": "RequestResponse",
    "functionName": "arn:aws:lambda:us-west-2:999999999999:function:BlogFunction:prod",
    "clientContext": "ew0KICAiY29udGV4dGtleSIgOiAiY29udGV4dHZhbHVlIg0KfQ==",
    "qualifier": "prod"
  },
  "responseElements": null,
  "additionalEventData": {
    "functionVersion": "arn:aws:lambda:us-west-2:999999999999:function:BlogFunction:4"
  },
  "requestID": "eaccb900-8f45-11e7-b60d-179cdf501g92",
  "eventID": "0e205f1d-3929-4803-b887-0d2aca122148",
  "readOnly": false,
  "resources": [{
    "accountId": "999999999999",
    "type": "AWS::Lambda::Function",
    "ARN": "arn:aws:lambda:us-west-2:999999999999:function:BlogFunction"
  }],
  "eventType": "AwsApiCall",
  "managementEvent": false,
  "recipientAccountId": "999999999999",
  "sharedEventID": "6159da59-ad2f-4e04-9669-cf0a6b6b4827"
}

To find information about the user that invoked the Lambda function in the preceding example, review the following fields:

  • The userIdentity provides information about the user who made the request.
  • The sourceIPAddress provides the IP address that the request was made from.
    Note: This field allows both IPv4 and IPv6 addresses.
  • The userAgent provides the agent that the user used to make the request.
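
The following added example (not part of the original article and not AWS code) reads a CloudTrail log file and reports the caller, source address, and user agent for each Lambda Invoke record. It goes beyond the IAMUser case shown above by also handling AssumedRole and AWSService identities. The sample records, the ExampleRole name, and the function names are constructed for illustration.

```python
import ipaddress
import json

def caller_of(identity):
    """Pick the most specific principal from a userIdentity element."""
    kind = identity.get("type")
    if kind == "AssumedRole":
        # Temporary credentials: sessionIssuer names the role that was assumed.
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        return issuer.get("arn") or identity.get("arn")
    if kind == "AWSService":
        # Calls made by an AWS service carry invokedBy instead of an ARN.
        return identity.get("invokedBy")
    return identity.get("arn") or identity.get("principalId")

def address_kind(value):
    """Classify sourceIPAddress as IPv4, IPv6, or a non-IP value (service name)."""
    try:
        return "IPv%d" % ipaddress.ip_address(value).version
    except ValueError:
        return "non-IP"

def lambda_invokers(log_text):
    """Return one summary row per Lambda Invoke record in a CloudTrail log file."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        # Keep only Lambda Invoke data events; other services and events are skipped.
        if rec.get("eventSource") == "lambda.amazonaws.com" and rec.get("eventName") == "Invoke":
            identity = rec.get("userIdentity") or {}
            rows.append({
                "caller_type": identity.get("type"),
                "caller": caller_of(identity),
                "source": rec.get("sourceIPAddress"),
                "source_kind": address_kind(rec.get("sourceIPAddress") or ""),
                "user_agent": rec.get("userAgent"),
            })
    return rows

# Constructed sample log file: the first record mirrors the example above, the rest are made up.
def _rec(identity, source_ip, agent, event_source="lambda.amazonaws.com", name="Invoke"):
    return {"eventSource": event_source, "eventName": name, "userIdentity": identity,
            "sourceIPAddress": source_ip, "userAgent": agent}
ROLE = {"type": "AssumedRole", "arn": "arn:aws:sts::999999999999:assumed-role/ExampleRole/session1",
        "sessionContext": {"sessionIssuer": {"arn": "arn:aws:iam::999999999999:role/ExampleRole"}}}
SAMPLE = json.dumps({"Records": [
    _rec({"type": "IAMUser", "arn": "arn:aws:iam::999999999999:user/kyle"}, "192.168.0.1", "aws-cli/1.11.129"),
    _rec(ROLE, "2001:db8::10", "Boto3/1.26.0"),
    _rec({"type": "AWSService", "invokedBy": "events.amazonaws.com"}, "events.amazonaws.com", "events.amazonaws.com"),
    _rec({"type": "IAMUser"}, "192.168.0.1", "aws-cli/1.11.129", "s3.amazonaws.com", "GetObject"),
]})
```

Call lambda_invokers with the decompressed text of a CloudTrail log file; lambda_invokers(SAMPLE) runs it on the constructed records.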

Related information

Gain visibility into the execution of your AWS Lambda functions with AWS CloudTrail

Logging AWS Lambda API calls using AWS CloudTrail

Understanding the CloudTrail Lake event schema

CloudTrail record contents

AWS OFFICIAL | Updated a year ago