Why doesn't my Amazon S3 event notification trigger my Lambda function?

Last updated: 2019-09-27

I configured an Amazon Simple Storage Service (Amazon S3) event notification to trigger my AWS Lambda function. Why doesn't the function trigger as expected when the event occurs?

Short Description

Confirm that all of the following are correctly configured:

Resolution

Amazon S3 event type

When you configure an Amazon S3 event notification, you specify which of the supported Amazon S3 event types (such as PUT, POST, COPY, and CompleteMultipartUpload) will cause Amazon S3 to send the notification. If an event type that you didn't specify occurs in your S3 bucket, Amazon S3 won't send the notification (and won't trigger your Lambda function).

For example, if you try to COPY an object into your S3 bucket, but your event notification is configured for POST events, the COPY event won't trigger your function.

Object key name filters

You can configure Amazon S3 event notifications to use object key name filtering. When configured, Amazon S3 publishes notifications (and triggers your Lambda function) only for objects with a certain key name prefix or suffix.

If you use any of these special characters in the value of the prefix or suffix, you must enter them in URL encoded (percent-encoded) format:

  • ASCII character ranges 00–1F hex (0–31 decimal) and 7F (127 decimal)
  • Dollar ("$")
  • Ampersand ("&")
  • Plus sign ("+")
  • Comma (",")
  • Colon (":")
  • Semicolon (";")
  • Equals sign ("=")
  • Question mark ("?")
  • At sign ("@")
  • Space (" ")

For example, to define the value of a prefix as "test=abc/", you would enter "test%3Dabc/" for its value.

Note: A wildcard character ("*") can't be used in filters as prefix or suffix to represent any character.

For more information, including a list of characters to avoid, see Object Key Naming Guidelines.

Lambda permissions

Your Lambda function's resource-based policy must allow the specific Amazon S3 bucket to invoke the function. When you add a new event notification using the Amazon S3 console, these permissions are automatically added to that policy.

Note: Unlike using the console, adding a new event notification using put-bucket-notification-configuration via the AWS Command Line Interface (AWS CLI) won't update the Lambda function policy.

However, Amazon S3 event notifications can still fail to invoke your function as expected later if you removed the permissions at some point.

Check the policy to confirm that it has the required permissions, and add them if needed. For how to add the required permissions, see Why do I get the error "Unable to validate the following destination configurations" when creating an Amazon S3 event notification to trigger my Lambda function?

Lambda concurrency

Your Lambda function should be configured to handle concurrent executions of requests, such as incoming Amazon S3 event notifications. If requests arrive faster than your function can scale, or if your function is at maximum concurrency, Lambda will throttle these requests and back off before automatically retrying. For more information, see Asynchronous Invocation and AWS Lambda Function Scaling.