Call cross account lambda from SNS


Hello,

We need to call a Lambda function within our organization's AWS account from the vendor's AWS account based on an SNS notification. Currently we have roles and permissions configured in such a way that we can call / use the vendor's AWS resources but they can't access ours, and at the same time we don't want to open it to them. What should be our best path to make this communication work?

Thank You, Yogesh

1 Answer

Hi Yogesh,

To my understanding, you must allow partial access (limited to the SNS ARN) from the vendor for it to work, so here are my suggested steps:

  • Create the SNS topic in the vendor's account and update its resource-based policy to allow the Lambda of your account to subscribe to it.
  • Update the resource-based policy of the Lambda to allow invocation from the vendor's account SNS ARN.
  • Subscribe the Lambda function to the vendor's account SNS topic.

Check out this link for a step by step tutorial: https://www.shogan.co.uk/aws/aws-sns-to-lambda-cross-account-setup/

Sincerely, Heiko

HeikoMR
answered a year ago
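
The two resource-based policies from the steps in the answer above, as an added example that is not part of the original answer or the linked tutorial. The account IDs, region, topic and function names are constructed placeholders, and `unscoped_sns_statements` is a hypothetical helper that flags any SNS invoke grant on the function that is not pinned to the expected topic ARN.

```python
import json

# Constructed placeholders (assumptions; none of these values are from the thread).
VENDOR_ACCOUNT, OUR_ACCOUNT = "111111111111", "222222222222"
TOPIC_ARN = f"arn:aws:sns:us-east-1:{VENDOR_ACCOUNT}:vendor-events"
FUNCTION_ARN = f"arn:aws:lambda:us-east-1:{OUR_ACCOUNT}:function:handle-vendor-event"

def topic_policy_statement(topic_arn, subscriber_account):
    """Step 1, vendor side: one account may subscribe, Lambda endpoints only."""
    return {
        "Sid": "AllowCustomerLambdaSubscribe",
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{subscriber_account}:root"},
        "Action": "sns:Subscribe",
        "Resource": topic_arn,
        "Condition": {"StringEquals": {"sns:Protocol": "lambda"}},
    }

def lambda_policy_statement(function_arn, topic_arn):
    """Step 2, our side: SNS may invoke, but only for this one topic."""
    return {
        "Sid": "AllowVendorTopicInvoke",
        "Effect": "Allow",
        "Principal": {"Service": "sns.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": function_arn,
        "Condition": {"ArnLike": {"AWS:SourceArn": topic_arn}},
    }

def unscoped_sns_statements(policy, allowed_topic_arns):
    """Return Sids of SNS invoke grants not pinned to an allowed topic ARN."""
    findings = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        is_sns = isinstance(principal, dict) and principal.get("Service") == "sns.amazonaws.com"
        if stmt.get("Effect") != "Allow" or not is_sns:
            continue
        source = None
        for op, keys in stmt.get("Condition", {}).items():
            if op.lower() in ("arnlike", "arnequals"):
                # Condition key names are case-insensitive in IAM policies.
                source = {k.lower(): v for k, v in keys.items()}.get("aws:sourcearn", source)
        # Flag a missing condition, a wildcard pattern, or a different topic.
        if not isinstance(source, str) or source not in allowed_topic_arns:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

if __name__ == "__main__":
    policy = {"Version": "2012-10-17",
              "Statement": [lambda_policy_statement(FUNCTION_ARN, TOPIC_ARN)]}
    print(json.dumps(policy, indent=2))
    print("unscoped grants:", unscoped_sns_statements(policy, {TOPIC_ARN}))
```

With the step 1 statement in place on the topic, the subscription in step 3 can be created from your own account, so the vendor needs no IAM access to your account at all.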
