Why isn't Amazon SNS invoking my AWS Lambda function, and how do I troubleshoot the issue?

Last updated: 2021-06-03

I'm using an AWS Lambda function to process Amazon Simple Notification Service (Amazon SNS) notifications, but my Amazon SNS topic isn't invoking the function. How do I troubleshoot Amazon SNS notifications not invoking my Lambda function?

Short description

There are five reasons why an Amazon SNS message event won't invoke a Lambda function that's subscribed to an SNS topic:

Resolution

Confirm that the IAM identity publishing to the SNS topic has the permissions required to publish to the SNS topic

Look at the NumberOfMessagesPublished metric in your Amazon CloudWatch metrics for Amazon SNS. If the Publish requests made by the IAM entity that you're using to invoke the function aren't recorded in the NumberOfMessagesPublished metric, do the following:

1.    Confirm that the IAM entity making the Publish API request has the permissions required to publish to the SNS topic. For more information and specific policy statement examples, see Example cases for Amazon SNS access control.

2.    Confirm that the permissions policy for the SNS topic allows the IAM entity making the Publish API call to use the "SNS:Publish" action. For more information and example permissions policies, see Permissions for the Amazon SNS topic.

Confirm that your Lambda function has the permissions required to allow Amazon SNS to invoke the function

To view your function's permissions policy, follow the instructions in Using resource-based policies for AWS Lambda. If your function's policy doesn't include the "lambda:invokeFunction" action for your SNS topic, update the policy to include the required permissions.

Confirm that your Lambda function's filter policy matches the message attributes being sent from the SNS topic

Review the NumberOfNotificationsFilteredOut metric in your CloudWatch metrics for Amazon SNS. If the Publish requests made by the IAM entity that you're using to invoke the function appear in the NumberOfNotificationsFilteredOut metric, then do the following:

1.    View your Lambda function's SNS topic subscription filter policy by doing the following:
Open the Amazon SNS console.
On the left navigation panel, choose Subscriptions.
On the Edit page, expand the Subscription filter policy section.

2.    Review the subscription filter policy to confirm that the Publish request message attributes match the attributes required by the filter policy. If the attributes don't match, then update your Publish request message attributes so that they match the attributes required by the filter policy.

Note: For more information, see Amazon SNS subscription filter policies.

Confirm that your Lambda function isn't being throttled

(For SNS topics hosted in a commercial Region) Confirm that your Lambda function is hosted in the same Region as your SNS topic

Note: An Amazon SNS topic hosted in a commercial AWS Region can't invoke a Lambda function that's not in the Commercial Region. For the current list of AWS Regions that Amazon SNS supports, see Amazon Simple Notification Service endpoints and quotas.

Look at the Amazon Resource Names (ARNs) of your Lambda function and your Amazon SNS topic. If the Amazon SNS topic is hosted in a commercial AWS Region and the function is hosted in an opt-in Region, do the following:

1.    Create a new Lambda function in the same Region as your Amazon SNS topic.

2.    Configure the function's settings so that it makes an Invoke API call to the function that's hosted in the opt-in Region.

Important: Make sure that you update your SDK Region settings.

Example Python (Boto 3) command to change Region settings

#us-east-1 client
lambda_us_east_1_client = boto3.client('lambda',  region_name='us-east-1')
#us_west_1 client
lambda_us_west_1_client = boto3.client('lambda',  region_name='us-west-1')

Example JavaScript/Node.js command to change Region settings

//us-east-1 client
var lambda_us_east_1_client = new AWS.Lambda({apiVersion: '2015-03-31',region: 'us-east-1'});
//us_west_1 client
var lambda_us_east_1_client = new AWS.Lambda({apiVersion: '2015-03-31', region: 'us-west-1'});

Did this article help?


Do you need billing or technical support?