Organization to Organization Communication

Question

Hi All,

So i have a lambda function running in an account that collects some information that i want to pass to another account in a different organization and im stuck as to what the best way to accomplish this would be. So far i have thought of the following options, but would like to get peoples input and recommendations.

1) Lamba send payload to an SNS topic, this has a https subscriber for the API Gateway REST API running in the destination org.
2) Lambda sends payload by connecting directly to REST API in destination org.
3) Lambda sends payload to an SQS queue , the destination org\account monitors this queue and retrieves the messages to be processed.

Appreciate any suggestions and feedback

Answer

Based on the options you listed, sending the payload to an SNS topic would be the best approach. Here are a few reasons why:

* SNS makes it easy to fan-out the message to multiple subscriber endpoints, including an API Gateway endpoint in the other account. This provides redundancy in case one subscriber is unavailable.
* SNS has good scalability and can handle high volumes of messages from the source Lambda function.
* Using SNS as the transport decouples the source Lambda function from knowledge of the destination endpoints. This follows the publish-subscribe messaging pattern.
* The destination account can control access to its API Gateway endpoint by attaching an IAM policy to allow only the SNS topic ARN to invoke it.
* To set this up, the source Lambda function would publish messages to an SNS topic. In the destination account, an API Gateway REST API would subscribe to that SNS topic. The API method could then process the payload and trigger any other resources.
* Let me know if you have any other questions! For implementation details, AWS documentation provides examples of cross-account SNS configurations and integrating with API Gateway.

Organization to Organization Communication

Relevant content