Why did my Lambda Amazon SQS trigger get disabled?

3 minute read
0

I configured my AWS Lambda function to process messages in an Amazon Simple Queue Service (Amazon SQS) queue but the SQS trigger is not active.

Short description

You can use a Lambda function to process messages in an Amazon SQS queue. Event source mapping reads from an event source and invokes a Lambda function. The state of the event source mapping are either Creating, Enabling, Enabled, Disabling, Disabled, Updating, or Deleting.

Lambda pollers constantly make the ReceiveMessage API action call to the Amazon SQS queue. If the ReceiveMessage API call doesn't complete, then the EventSourceMapping resource is disabled.

Resolution

Lambda function permissions

Make sure that your Lambda function execution role has access to the following permissions:

AWS Key Management Service (AWS KMS) permissions

If the Amazon SQS queue is configured with SSE-KMS encryption, make sure that:

Note: Amazon SQS queues with SSE-KMS encryption can't invoke a Lambda function in a different AWS account (cross-account).

CloudTrail event history

You can use AWS CloudTrail to look up events. CloudTrail is turned on by default for your AWS account.

For an ongoing record of events in your AWS account, create a trail. Using a trail, CloudTrail creates logs of API calls made on your account. These logs are delivered to an Amazon Simple Storage Service (Amazon S3) bucket that you specify. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in Event history.

1.    Open the CloudTrail console.

2.    In the navigation pane, choose Event history.

3.    Follow the instructions for viewing, displaying, and filtering CloudTrail events for your use case.

You can also download recorded event history as a file in CSV or JSON format.

Check for the CloudTrail event name LambdaESMDisabled. The event log contains the parameter ESMDisableReason with more information on the cause of why the Amazon SQS trigger's is not active.

For more information, see Logging Lambda API calls with CloudTrail.

Amazon CloudWatch alarms (optional)

You can create a CloudWatch alarm for Amazon SQS metrics to get notified on the number of messages received, sent, deleted, and so on. For example, you can use the Amazon SQS metric NumberOfMessagesReceived to get the number of recent messages returned. If the count is 0, then invoke a new Lambda function to check the status of the Amazon SQS trigger. If the Amazon SQS trigger is still disabled, then use the new Lambda function to activate it.

For more information, see Available CloudWatch metrics for Amazon SQS.

Related information

What permissions do I need to access an Amazon SQS queue?

How do I troubleshoot Lambda function failures?

AWS OFFICIAL
AWS OFFICIALUpdated a year ago