AWS Lambda runs PUT in s3 bucket in a separate account

I am trying to run a Lambda function on updates to an S3 bucket. The S3 bucket from which I am trying to trigger Lambda is in a separate AWS account.

The approach I tried is setting up a role in the account with the S3 bucket that has all the privileges on the S3 bucket. Then in the account with Lambda I have a role that assumes the role in the other account like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sts:AssumeRole"
            ],
            "Resource": [
                "arn:aws:iam::..."
            ]
        }
    ]
}

I cannot see the s3 bucket in the list of buckets to trigger the Lambda event.

Is it possible to use an S3 bucket in a separate account to run Lambda? Is this the right decision?

+4
2 answers

Amazon S3 AWS Lambda, .

. ( - ), Lambda.

, Lambda , Amazon S3. Lambda , Lambda ( ), Bucket A, Account .

: , - Lambda S3 . : AWS Lambda ( )

+5

, Account-A Account-B. :

  • , S3:

    aws lambda add-permission \
      --function-name MyFunction \
      --region <your-region> \
      --statement-id <whatever> \
      --action "lambda:InvokeFunction" \
      --principal s3.amazonaws.com \
      --source-arn <source-bucket-arn> \
      --source-account <Account-A-id>

  • S3, ARN -

+2
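To make the two steps of the answer above concrete, here is an added example (not code from either answer). Rather than calling the AWS CLI, it builds in Python the two documents those steps produce: the statement that `aws lambda add-permission --principal s3.amazonaws.com --source-arn ... --source-account ...` writes into the function's resource-based policy in Account-B, and the notification configuration that Account-A puts on the bucket (the body of `aws s3api put-bucket-notification-configuration`). It also includes a small check that flags a permission statement whose scope is too loose: an S3 service principal without both `AWS:SourceArn` and `AWS:SourceAccount` conditions lets a bucket in any account invoke the function, and since bucket names are global a deleted bucket name can be re-created by another account, which is exactly why `--source-account` exists. Account ids, region, bucket and function names are constructed placeholders.

```python
"""Cross-account S3 -> Lambda trigger: the two documents behind the answer's
steps, plus a scope check on the Lambda resource-policy statement.

Added example, not from the original answers. All ids and names below are
constructed placeholders, not real resources.
"""
import json

# Constructed placeholders: Account-A owns the bucket, Account-B owns the function.
ACCOUNT_A = "111111111111"
ACCOUNT_B = "222222222222"
BUCKET_ARN = "arn:aws:s3:::example-source-bucket"
FUNCTION_ARN = f"arn:aws:lambda:us-east-1:{ACCOUNT_B}:function:MyFunction"


def lambda_permission_statement(function_arn, bucket_arn, source_account, sid="AllowS3Invoke"):
    """Statement equivalent to `aws lambda add-permission --principal s3.amazonaws.com
    --source-arn <bucket-arn> --source-account <Account-A-id>`.

    Lambda stores this in the function's resource-based policy in Account-B; the
    two conditions restrict the S3 service principal to one bucket in one account."""
    return {
        "Sid": sid,
        "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": function_arn,
        "Condition": {
            "ArnLike": {"AWS:SourceArn": bucket_arn},
            "StringEquals": {"AWS:SourceAccount": source_account},
        },
    }


def s3_notification_configuration(function_arn, events=("s3:ObjectCreated:Put",), prefix=None):
    """Notification configuration for the bucket in Account-A (the body passed to
    `aws s3api put-bucket-notification-configuration`): PUT events are sent to the
    function ARN in Account-B, optionally only for keys under `prefix`."""
    config = {"LambdaFunctionArn": function_arn, "Events": list(events)}
    if prefix:
        config["Filter"] = {"Key": {"FilterRules": [{"Name": "prefix", "Value": prefix}]}}
    return {"LambdaFunctionConfigurations": [config]}


def permission_scope_problems(statement):
    """Return findings for a resource-policy statement that lets s3.amazonaws.com
    invoke the function. Only statements with the S3 service principal are checked.

    Without SourceArn any bucket can invoke the function; without SourceAccount a
    bucket of the same name re-created in another account could (confused deputy)."""
    problems = []
    if statement.get("Principal") != {"Service": "s3.amazonaws.com"}:
        return problems
    cond = statement.get("Condition", {})
    source_arn = cond.get("ArnLike", {}).get("AWS:SourceArn")
    source_account = cond.get("StringEquals", {}).get("AWS:SourceAccount")
    if not source_arn:
        problems.append("missing AWS:SourceArn: any bucket may invoke the function")
    elif source_arn.endswith("*"):
        problems.append("wildcard AWS:SourceArn: broader than a single bucket")
    if not source_account:
        problems.append("missing AWS:SourceAccount: the bucket name could be "
                        "re-created in another account")
    return problems


if __name__ == "__main__":
    statement = lambda_permission_statement(FUNCTION_ARN, BUCKET_ARN, ACCOUNT_A)
    print(json.dumps(statement, indent=2))
    print(json.dumps(s3_notification_configuration(FUNCTION_ARN, prefix="uploads/"), indent=2))
    print("scope problems:", permission_scope_problems(statement))
```

Note that this only covers the trigger direction (S3 in Account-A invoking Lambda in Account-B). The function's execution role still needs `s3:PutObject` on the bucket for the write described in the question, granted either through a bucket policy in Account-A or through the assume-role setup the question shows.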
