How do I set up Amazon S3 event notifications to invoke a Lambda function that's in another AWS account?
Last updated: 2021-06-08
I want my Amazon Simple Storage Service (Amazon S3) bucket to invoke an AWS Lambda function in another AWS account. How do I set that up?
To have your Amazon S3 bucket invoke a Lambda function in another AWS account, do the following:
Important: The Lambda function must be in the same AWS Region as your Amazon S3 bucket. For information on migrating functions, see How do I migrate a Lambda function to another AWS account or Region using the Lambda console?
Note: You must have the following information to complete this procedure:
Update your Lambda function's resource-based permissions policy to grant invoke permission to Amazon S3
1. Open the Functions page on the Lambda console using the AWS account that your Lambda function is in.
2. Choose the name of the Lambda function that you want to be invoked by Amazon S3.
3. In the Configuration tab, choose Permissions.
4. In the Resource-based policy pane, choose Add permissions.
5. In the Policy statement pane, choose AWS service. The Service dropdown list appears.
6. In the Service dropdown list, choose S3. More text fields appear.
7. For Source account, enter the AWS account ID of the account that's hosting your Amazon S3 bucket.
8. For Source ARN, enter your Amazon S3 bucket's ARN. Use the following format: arn:aws:s3:::bucket_name
Important: Replace bucket_name with the name of your Amazon S3 bucket.
9. For Action, select lambda:InvokeFunction from the dropdown list.
10. For Statement ID, enter a unique statement ID to differentiate the statement that you're creating within the policy.
11. Choose Save.
Note: For more information, see Using resource-based policies for AWS Lambda.
Create an Amazon S3 event notification that invokes your Lambda function
1. Follow the instructions in Enabling and configuring event notifications using the Amazon S3 console.
2. Test the setup by following the instructions in Test with the S3 trigger in Tutorial: Using an Amazon S3 trigger to invoke a Lambda function. If your function isn't invoked by the event notification, then follow the instructions in Why doesn't my Amazon S3 event notification invoke my Lambda function?