Call cross account lambda from SNS

0

Hello,

We need to call a Lambda function within our organization's AWS account from the vendor's AWS account based on an SNS notification. Currently we have roles and permissions configured in such a way that we can call / use the vendor's AWS resources but they can't access ours, and at the same time we don't want to open it to them. What should be our best path to make this communication work?

Thank You, Yogesh

1 Answer
0

Hi Yogesh,

To my understanding you must allow partial access (limited to the SNS ARN) from the vendor for it to work, so here are my suggested steps:

  • create the SNS topic in the vendor's account and update its resource-based policy to allow the Lambda of your account to subscribe to it.
  • update the resource-based policy of the Lambda to allow invocation from the vendor's account SNS ARN.
  • subscribe the Lambda function in the vendor's account SNS topic.

Check out this link for a step by step tutorial: https://www.shogan.co.uk/aws/aws-sns-to-lambda-cross-account-setup/

Sincerely, Heiko

HeikoMR
answered a year ago
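
The two resource-based policy statements behind the steps in the answer above, with a check that the Lambda grant covers only the one vendor topic and not the vendor account as a whole. This is an added example, not code from the answer or the linked tutorial; the account IDs, region, resource names and helper function names are constructed assumptions.

```python
import json

# Constructed placeholders (assumptions): account IDs, region and resource names.
VENDOR, OURS = "111111111111", "222222222222"
TOPIC_ARN = f"arn:aws:sns:us-east-1:{VENDOR}:vendor-events"
FUNCTION_ARN = f"arn:aws:lambda:us-east-1:{OURS}:function:handle-vendor-event"

def topic_subscribe_statement(topic_arn, subscriber_account):
    """Vendor side: topic-policy statement letting our account subscribe Lambda endpoints."""
    return {"Sid": "AllowCustomerSubscribe", "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{subscriber_account}:root"},
            "Action": "sns:Subscribe", "Resource": topic_arn,
            "Condition": {"StringEquals": {"sns:Protocol": "lambda"}}}

def lambda_invoke_statement(function_arn, topic_arn):
    """Our side: function-policy statement for the SNS service acting for one topic."""
    return {"Sid": "AllowVendorTopicInvoke", "Effect": "Allow",
            "Principal": {"Service": "sns.amazonaws.com"},
            "Action": "lambda:InvokeFunction", "Resource": function_arn,
            "Condition": {"ArnLike": {"AWS:SourceArn": topic_arn}}}

def invoke_grant_problems(stmt, expected_topic_arn):
    """Return the reasons a function-policy statement grants more than the one topic."""
    problems = []
    if stmt.get("Principal") != {"Service": "sns.amazonaws.com"}:
        problems.append("principal is not the SNS service")
    if stmt.get("Action") != "lambda:InvokeFunction":
        problems.append("action is broader than lambda:InvokeFunction")
    source = None
    for keys in stmt.get("Condition", {}).values():
        for key, value in keys.items():
            if key.lower() == "aws:sourcearn":  # condition keys are case-insensitive
                source = value
    if source is None:
        problems.append("no AWS:SourceArn condition, any topic could invoke")
    elif source != expected_topic_arn:  # also catches wildcard ARNs
        problems.append(f"source ARN {source} is not the expected topic")
    return problems

if __name__ == "__main__":
    good = lambda_invoke_statement(FUNCTION_ARN, TOPIC_ARN)
    print(json.dumps({"Version": "2012-10-17", "Statement": [good]}, indent=2))
    print(json.dumps(topic_subscribe_statement(TOPIC_ARN, OURS), indent=2))
    print(invoke_grant_problems(good, TOPIC_ARN))
```

The same check can be run over the statements in a function's existing resource-based policy to confirm that nothing wider than the single topic ARN has been granted.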
