I am unable to subscribe my AWS Lambda function to an Amazon S3 event notification or AWS SNS topic in my AWS CloudFormation stack. If I try using the AWS::Lambda::EventSourceMapping resource, I receive the following error:

'Unrecognized event source, must be kinesis or dynamodb stream.'

The AWS::Lambda::EventSourceMapping resource is designed for pull-based event sources, such as Amazon DynamoDB event streams and Amazon Kinesis. With push-based event sources, such as S3 event notifications or SNS messages, the event source is responsible for invoking the Lambda function.

For a push event source to invoke a Lambda function, the function’s resource policy must authorize the event source. The list of supported event sources is available at Supported Event Sources.

In an AWS CloudFormation template, add the Lambda function policy by using the AWS::Lambda::Permission resource. For example, the following template snippet adds a resource-based Lambda function policy to allow an SNS topic to invoke a Lambda function:

"LambdaResourcePolicy": {

    "Type": "AWS::Lambda::Permission",

    "Properties": {

        "Function" : { "Ref" : "MyFunction" },

        "Principal": "sns.amazonaws.com",

        "Action": "Allow",

        "SourceArn" : { "Ref" : "MySNSTopic" }

    }

}

For the preceding example, an S3 NotificationConfiguration statement that subscribes the Lambda function to the S3 bucket is required.

For an SNS topic event source, a topic policy also must be defined. For more information, see Set Up Cross-Account Permissions. If no topic policy is set, the default policy contains the required permissions.

Lambda, S3, SNS, push, event, permissions, AddPermission, Resource Policy, Notification


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2016-09-02

Updated: 2016-09-15