I configured Amazon Simple Storage Service (Amazon S3) Event Notifications to invoke my AWS Lambda function. However, the function doesn't invoke when the Amazon S3 event occurs.
Resolution
Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.
Verify that your Amazon S3 event type is configured correctly
When you configure S3 Event Notifications, you must specify each event type that causes Amazon S3 to send the notification. If an event type that you didn't specify occurs in your Amazon S3 bucket, then Amazon S3 doesn't send the notification.
For example, you configure an event notification to invoke Lambda with the s3:ObjectCreated:Put event type. If you upload a large file, then Amazon S3 automatically uses the multipart upload process to upload the file to the bucket. To invoke the Lambda function for this upload, you must also configure the s3:ObjectCreated:CompleteMultipartUpload event type. Or, use the s3:ObjectCreated:* event type to request notifications for each API that Amazon S3 uses to create an object.
Verify that your object key name filters include the uploaded file name
If your S3 Event Notifications use object key name filtering, then Amazon S3 publishes notifications only for objects with specific prefixes or suffixes. Make sure that the prefix or suffix filters specified in the event notification include the uploaded object key name.
Note: You can't use a wildcard character (*) in filters as a prefix or suffix to represent any character
For object key name filtering, certain special characters in your prefixes or suffixes must be URL-encoded (percent-encoded). For example, to define the value of a prefix as test=abc/, enter the test%3Dabc/ URL-encoded value.
For more information on specific character handling in object key names, see Object key naming guidelines.
Verify that your Lambda function's IAM resource-based policy has the required permissions for Amazon S3 to invoke the function
Check your Lambda function's AWS Identity and Access Management (IAM) resource-based policy to verify that the policy allows your bucket to invoke the function. If the bucket can't invoke the function, then add the required policy.
Example policy:
{
"Version": "2012-10-17",
"Id": "default",
"Statement": [
{
"Sid": "lambda-allow-s3-my-function",
"Effect": "Allow",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:us-east-2:123456789012:function:my-function",
"Condition": {
"StringEquals": {
"AWS:SourceAccount": "123456789012"
},
"ArnLike": {
"AWS:SourceArn": "arn:aws:s3:::amzn-s3-demo-bucket"
}
}
}
]
}
For more information, see Managing permissions in AWS Lambda.
Note: When you use the Amazon S3 console to add a new event notification, Amazon S3 automatically adds the required permissions to your function's resource-based policy. However, if you use the put-bucket-notification-configuration AWS CLI command to add an event notification, then your function's policy isn't updated automatically.
Verify that your Lambda function is configured to handle concurrent invocations from S3 Event Notifications
You must configure your Lambda function to handle concurrent invocations from S3 Event Notifications. If invocation requests arrive faster than your function can scale or your function is at maximum concurrency, then Lambda throttles the requests.
For more information, see Invoking a Lambda function asynchronously.
Related information
How do I use AWS Systems Manager Automation to troubleshoot issues when my Amazon S3 event notification doesn't invoke a Lambda function?
Process Amazon S3 event notifications with Lambda
Tutorial: Using an Amazon S3 trigger to invoke a Lambda function
Why do I get the error "Unable to validate the following destination configurations" when I create an Amazon S3 Event Notification?
How do I set up an Amazon S3 Event Notification to invoke a Lambda function that's in another AWS account?