How do I subscribe a Lambda function to an Amazon SNS topic in the same account?

Last updated: 2021-04-22

I want to subscribe my AWS Lambda function to an Amazon Simple Notification Service (Amazon SNS) topic in my AWS account. How do I do that?

Resolution

Note: The instructions in this article follow those in Tutorial: Using AWS Lambda with Amazon Simple Notification Service. However, this article provides same-account setup instructions. For prerequisites and cross-account set-up instructions, see the tutorial.

1.    Run the following command to create an Amazon SNS topic:

Note: Replace lambda-same-account with the name that you want for your topic.

$ aws sns create-topic --name lambda-same-account

Note the topic's Amazon Resource Name (ARN) that's returned in the command output. You'll need it later.

2.    Create an execution role for Lambda to access AWS resources. Note the role's ARN. You'll need it later.

3.    Create a deployment package. (Follow steps 1 and 2 in the tutorial.)

4.    Run the following command to create a Lambda function:

Note: Replace sns-same-account with the name that you want for your function. Replace arn:aws:iam::123456789012:role/service-role/lambda-sns-role with your execution role's ARN.

$ aws lambda create-function --function-name sns-same-account \
--zip-file fileb://function.zip --handler index.handler --runtime nodejs14.x \
--role arn:aws:iam::123456789012:role/service-role/lambda-sns-role \
--timeout 60

Note the function's ARN that's returned in the command output. You'll need it in the next step.

5.    Run the following command to add Lambda permissions for your Amazon SNS topic:

Note: Replace sns-same-account with the name you gave your function. Replace arn:aws:sns:us-east-1:123456789012:lambda-same-account with your topic's ARN.

$ aws lambda add-permission --function-name sns-same-account \
--source-arn arn:aws:sns:us-east-1:123456789012:lambda-same-account \
--statement-id sns-same-account --action "lambda:InvokeFunction" \
--principal sns.amazonaws.com

6.    Run the following command to subscribe your Lambda function to the Amazon SNS topic:

Note: Replace arn:aws:sns:us-east-1:123456789012:lambda-same-account with your topic's ARN. Replace arn:aws:lambda:us-east-1:123456789012:function:sns-same-account with your function's ARN.

$ aws sns subscribe --protocol lambda \
--topic-arn arn:aws:sns:us-east-1:123456789012:lambda-same-account \
--notification-endpoint arn:aws:lambda:us-east-1:123456789012:function:sns-same-account

7.    Run the following command to test the subscription by publishing a sample message:

Note: Replace arn:aws:sns:us-east-1:123456789012:lambda-same-account with your topic's ARN.

$ aws sns publish --message "Hello World" --subject Test \
--topic-arn arn:aws:sns:us-east-1:123456789012:lambda-same-account

The command output returns a message ID, confirming that the message is published to your topic.

8.    (Optional) Run the following commands to confirm in your Amazon CloudWatch Logs that the Lambda function was invoked:
Note: Replace sns-same-account with the name of your function.

$ aws logs describe-log-streams --log-group-name /aws/lambda/sns-same-account

Note the logStreamName returned. Then, use the following command to retrieve the logs:
Note: Replace sns-same-account with the name of your function and logStreamName with the logStreamName returned by describe-log-streams.

$ aws logs get-log-events --log-group-name /aws/lambda/sns-same-account \
--log-stream-name 'logStreamName'

Did this article help?


Do you need billing or technical support?