Can Pinpoint campaign / journey custom channel call a lambda in another AWS account?

Can a Pinpoint campaign / journey custom channel call a lambda function in another AWS account?

I have tried adding the following permission to my lambda but it did not work:

aws lambda add-permission --function-name helloWorld --statement-id sid0 --action lambda:InvokeFunction --principal pinpoint.ap-south-1.amazonaws.com --source-arn arn:aws:mobiletargeting:ap-south-1:ACCOUNT_ID:apps/* --source-account ACCOUNT_ID

Can someone share any info on whether lambda functions can be called from services like S3, Pinpoint, etc. in other aws accounts? (I am aware of lambdas being allowed by external IAM users, but in my case the Pinpoint service makes the call to lambda and needs the required permissions)

Topics

Serverless Compute Security, Identity, & Compliance Front-End Web & Mobile Business Applications

Tags

AWS Lambda AWS Identity and Access Management Amazon Pinpoint

Language

English

renzil

asked 8 months ago230 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

Hi,

You should follow this service-neutral guidance and full example to achieve cross-account calls with Lambdas: https://gist.github.com/helephant/57d10c022f22e8209118b459a5afb60d

Best,

Didier

EXPERT

Didier_Durand

answered 8 months ago

renzil
8 months ago
Thank you Didier.

This solution involves invoking 2 lambdas, one acting like a proxy to bridge the permission issue.

Is there no way to use just 1 lambda in account A that can be called from a service like Pinpoint in account B? Pinpoint internally calls a lambda during a campaign / journey. This is specified through the Pinpoint API as an ARN string. I have tried giving the ARN of the lambda in account A, along with relaxing the permissions for this lambda to allow incoming requests from Pinpoint in account B, but this does not seem to work.

Can you positively confirm that Pinpoint campaign / journey lambda invocations cannot be done cross-account through a single lambda invocation?

Relevant content

Integrating Lambda to Check Do Not Call List in Amazon Pinpoint Journey
Kapil Baghel
asked 4 months ago
Multi Channel Pinpoint Journey
DanielMuller
asked 2 years ago
Calls not being queued in Pinpoint Journey
Malik Mustafa
asked a year ago
Sending Message to a custom Pinpoint channel with Lambda
Accepted Answer
Patton
asked a year ago
How do I register a 10DLC campaign?
AWS OFFICIALUpdated 10 months ago
How do I troubleshoot Amazon Pinpoint campaign message failures?
AWS OFFICIALUpdated 2 years ago
How can I use a Lambda function created in one AWS account with an AWS CloudFormation custom resource in another AWS account?
AWS OFFICIALUpdated 3 years ago
How can I use the AWS CLI to migrate a Lambda function to another AWS account or Region?
AWS OFFICIALUpdated 9 months ago
Deliver Salesforce Health Cloud appointment reminders directly to patients via Amazon Pinpoint
EXPERT
Elden
published a year ago
Announcing Accelerate Cloud Migrations with CAST Highlight Powered by AWS Migration Hub Journeys
EXPERT
Adeleke Adebowale J
published 6 days ago