I can't subscribe my AWS Lambda function to an Amazon Simple Storage Service (Amazon S3) event notification or Amazon Simple Notification Service (Amazon SNS) topic in my AWS CloudFormation stack. If I try using the AWS::Lambda::EventSourceMapping resource, I receive the following error:

'Unrecognized event source, must be kinesis or dynamodb stream.'

The AWS::Lambda::EventSourceMapping resource is designed for pull-based event sources, such as Amazon DynamoDB event streams and Amazon Kinesis. With push-based event sources, such as an S3 event notifications or Amazon SNS messages, the event source is responsible for invoking the Lambda function. For a push event source to invoke a Lambda function, the function’s resource policy must authorize the event source. The list of supported event sources is available at Supported Event Sources.

In an AWS CloudFormation template, add the Lambda function policy by using the AWS::Lambda::Permission resource. For example, the following Lambda function policy adds a resource-based Lambda function policy to allow an Amazon SNS topic to invoke a Lambda function:

"LambdaResourcePolicy": {
  "Type": "AWS::Lambda::Permission",
  "Properties": {
    "FunctionName" : { "Ref" : "MyFunction" },
    "Principal": "sns.amazonaws.com",
    "Action": "lambda:InvokeFunction",
    "SourceArn" : { "Ref" : "MySNSTopic" }

For the preceding example, an S3 NotificationConfiguration statement that subscribes the Lambda function to the S3 bucket is required. For an Amazon SNS topic event source, a topic policy also must be defined. For more information, see Set Up Cross-Account Permissions. If no topic policy is set, the default policy contains the required permissions.

Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2016-09-02

Updated: 2018-04-10