Questions tagged with AWS Lambda
I have a Lambda that generates the S3 presigned download URL and sends back the presigned URL. These presigned URLs expire after 12 hours; I assume this is due to the expiry of the temporary authentication tokens (I have set presign expiry to 7 days). I am wondering how I can increase this 12 hours to 24 hours.
Ref - https://repost.aws/knowledge-center/presigned-url-s3-bucket-expiration
This is how I'm creating the S3 client in Go.
```
awsSession := session.Must(
	session.NewSessionWithOptions(
		session.Options{
			Config:             aws.Config{Region: aws.String("us-west-2")},
			AssumeRoleDuration: sessionExpiry,
		},
	),
)
return &s3Client{
	client: s3.New(awsSession),
}
```
I get the following error when trying to create a function and assign a newly created role. I'm printing the ARN and it looks OK.
Using "Node.js 16.x"
```
2023-03-17T19:26:40.245Z 342fa261-e9d8-426d-9231-60d9409a76dc INFO Role ARN is arn:aws:iam::XXXX:role/MQTT-SAVE-ROLE
2023-03-17T19:26:40.446Z 342fa261-e9d8-426d-9231-60d9409a76dc INFO Role ARN is arn:aws:iam::XXXX:role/MQTT-SAVE-ROLE
2023-03-17T19:26:41.064Z 342fa261-e9d8-426d-9231-60d9409a76dc INFO InvalidParameterValueException: The role defined for the function cannot be assumed by Lambda.
```
```
const AWS = require('aws-sdk');
const path = require('path');
const s3 = new AWS.S3();
const lambda = new AWS.Lambda();
const iam = new AWS.IAM();

exports.handler = async (event) => {
    // TODO implement
    //Create Role
    var info = {
        name: "MQTT-SAVE-ROLE",
        PolicyArn: ["arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess"],
    };
    var role = await createRole(info);
    console.log("Role ARN is", role);
    //Create Function
    info = {
        name: "mqtt_save",
        role: role
    };
    var respCreate = await createFunction(info);
    return;
};

async function createRole(info) {
    var role;
    var myPolicy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": "lambda.amazonaws.com"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    };
    var createParams = {
        AssumeRolePolicyDocument: JSON.stringify(myPolicy),
        RoleName: info.name
    };
    try {
        var respIam = await iam.createRole(createParams).promise();
        console.log("Role ARN is", respIam.Role.Arn); // successful response
        role = respIam.Role.Arn;
        //attach Role Policy
        for (var i = 0; i < info.PolicyArn.length; i++) {
            var policyParams = {
                PolicyArn: info.PolicyArn[i],
                RoleName: info.name
            };
            await iam.attachRolePolicy(policyParams).promise();
        }
    } catch (err) {
        console.log(err, err.stack); // an error occurred
        return;
    }
    return role;
}

async function createFunction(info) {
    //Create Function
    var params = {
        Code: {
            S3Bucket: 'base-lambda-code',
            S3Key: info.name + '.zip',
        },
        FunctionName: info.name + '_test',
        Description: 'Function used to save data from MQTT to Dynamo DB',
        Role: info.role,
        Handler: 'index.handler',
        Runtime: "nodejs16.x",
        PackageType: "Zip",
        Publish: true,
        Timeout: '60',
    };
    try {
        var response = await lambda.createFunction(params).promise();
        console.log("ARN: ", response.FunctionArn);
        console.log("State: ", response.State);
    } catch (err) {
        console.log(err, err.stack); // an error occurred
        return;
    }
    return response;
}
```
I am trying to call a Lambda function from IoT. I can see the subscribed message sent from the IoT device on the MQTT Test Client, but I am not able to call the Lambda function. I followed the tutorial https://docs.aws.amazon.com/iot/latest/developerguide/iot-lambda-rule.html#iot-lambda-rule-test-rule
I have also attached CloudWatch logs under the error action to the AWS IoT rule. Still, nothing was logged. I am not sure if the connection is being established between AWS IoT and Lambda. However, I am able to call the Lambda function successfully from API Gateway.
Hello everyone, I have received an AWS email notifying me about a probable account compromise. I have changed my password and I have activated MFA; however, I can't see my Lambdas in any region in the console (https://us-east-1.console.aws.amazon.com/lambda/home?region=us-east-1#/functions). I was looking at the network logs and I got this response from this endpoint
(https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/): response {"Message":null} with status 403.
I cannot create another Lambda; same response with status 403.
I am able to see any other service in the console.
We use loads of Lambda, EventBridge, all that good stuff. My devs were favouring a local environment, but this is clearly not possible. How do we write code / release fast, with a serverless architecture, without having to deploy every tiny change back up to AWS?
Hi,
I'm looking to connect to the PostgreSQL database using IAM authentication from a Lambda written in Node.js.
I see some java script code here but nothing specific for Node.js https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.Connecting.Java.html#UsingWithRDS.IAMDBAuth.Connecting.Java.AuthToken.Connect
I would like to authenticate connection to Aurora PostgreSQL using IAM Authentication.
Any pointer on this is really appreciated.
How do I connect an EventBridge Bus directly to an EventBridge Pipes as a Source? So EventBridge Bus -> EventBridge Pipes -> Enrichment (Lambda) -> Pipes Target Event Pattern -> Target (Lambda). As far as I can tell from the documentation and console ops, I can only select streaming services as Pipes Sources. Is this a limitation that is fixed forever?
The scenario I was wanting to implement was my EventBridge Bus events being enriched with feature flag detail pre-populated based on identity and detail-type, and to discourage target services from making any tightly coupled call(s) to the feature flag service. I thought EventBridge Pipes sounded like the best idea, as no code would have to be written to plumb messages along the "Pipeline", just the Lambda code to enrich messages.
One possible workaround I was planning to try was to set up my pipeline as EventBridge Bus -> Rule Event Pattern (*) -> Lambda Target (enriches events based on data from DynamoDB Table w/ Cache) and then code to push events to a second EventBridge Bus -> EventBridge Bus -> Rule Event Pattern(s) -> Target(s).
I would love expert suggestions for alternatives, or maybe to hear that this is a planned feature change.
Thanks
Hi,
I am trying to update an existing Cognito User Pool to make it send emails using a third-party provider. I am following every detail mentioned in
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-email-sender.html
However, when it comes to updating the pool using the CLI command "aws cognito-idp update-user-pool --lambda-config ", I receive the following error:
```
Parameter validation failed:
Unknown parameter in LambdaConfig: "CustomEmailSender", must be one of: PreSignUp, CustomMessage, PostConfirmation, PreAuthentication, PostAuthentication, DefineAuthChallenge, CreateAuthChallenge, VerifyAuthChallengeResponse, PreTokenGeneration, UserMigration
Unknown parameter in LambdaConfig: "KMSKeyID", must be one of: PreSignUp, CustomMessage, PostConfirmation, PreAuthentication, PostAuthentication, DefineAuthChallenge, CreateAuthChallenge, VerifyAuthChallengeResponse, PreTokenGeneration, UserMigration
```
So what I understand is that CustomEmailSender has for some reason been rejected as a parameter!
At the same time, this is not available in the console either.
I can set a CustomEmailSender only when I create a user pool using a CloudFormation YAML script, but I am unable to update an existing one.
Help with this is highly appreciated.
When I do a deploy, I get the error AccessDeniedException when creating the Type: AWS::Serverless::Function resource, and in the Lambda service it doesn't let me see any function.
I'm using AWS Academy, in which I am not allowed to create an IAM role; what I can use is only the LabRole.
I am trying to use a Lambda function to invoke my step function using StartExecution, but it didn't work. I got the error below from CloudWatch. However, it should work on LabRole.
```
[ERROR] ClientError: An error occurred (AccessDeniedException) when calling the StartExecution operation: User: arn:aws:sts::051823271855:assumed-role/LabRole/my-s3-function is not authorized to access this resource
Traceback (most recent call last):
  File "/var/task/lambda_function.py", line 20, in lambda_handler
    input = json.dumps(input))
  File "/var/runtime/botocore/client.py", line 391, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/runtime/botocore/client.py", line 719, in _make_api_call
    raise error_class(parsed_response, operation_name)
```
When I open the Lambda console as a root user, I immediately get a 403 error in the web console and a red empty bar appears on top. After that, when I click "Create Function", the web console shows an "AccessDeniedException: null" message for both the root user and the Administrative Access user. If I try to create a function anyway, nothing happens.
SCPs are disabled.
I have been working on a new scenario where I want to set up a dynamic number in the contact flow. The issue is that the outbound number should be dynamic and it is the agent's wish to choose the outbound number.
Let me explain through a proper scenario. Let's suppose we have 3 outbound numbers: 111111, 222222, and 333333. On the first outbound call, the agent wants to set the 111111 outbound number. On the next outbound call, the agent wants to set the 222222 number on the fly.
Is there any possibility to implement this scenario? I know we can use the Call Phone Number block, but how will we get input from the agent like we do in the case of inbound flows with the Get Customer Input block?
I am also open to integrating a Lambda function. Any suggestion will be appreciated.