
How do I subscribe a Lambda function to an Amazon SNS topic in another AWS account?


I want to subscribe my AWS Lambda function to an Amazon Simple Notification Service (Amazon SNS) topic in another AWS account.

Resolution

In the following scenario, the Amazon SNS topic is in account A, and the Lambda function is in account B.

Create an SNS topic in account A and a Lambda function in account B. Then, follow the steps to subscribe the cross-account Lambda function to the SNS topic.

Note: Before you begin, make sure that the Lambda function resource policy allows SNS to invoke the function. Also, make sure that the SNS topic access policy allows Lambda to subscribe to the topic.

Create an SNS topic in account A

Complete the following steps:

  1. Open the Amazon SNS console in account A.
  2. In the navigation pane, choose Topics.
  3. For Type, select Standard.
  4. For Name, enter a name for your SNS topic.
  5. Choose Create topic.
  6. Choose the Access policy tab, and then choose Edit.
  7. To grant account B sns:Subscribe permission, add the following access policy statement:
    {
      "Sid": "Allow-AccountB-To-Subscribe",
      "Effect": "Allow",
      "Principal": {
        "AWS": "AccountB"
      },
      "Action": "sns:Subscribe",
      "Resource": "YourARN"
    }
    Note: Replace AccountB with the account that contains the Lambda function, and YourARN with the Amazon Resource Name (ARN) of your SNS topic.

  8. Choose Save changes.

Create a Lambda function in account B

Complete the following steps:

  1. Open the Lambda console.
  2. Choose Create function.
  3. For Function name, enter a name for your function.
  4. Choose Create function.

Subscribe a cross-account Lambda function

To subscribe a cross-account Lambda function to an SNS topic, do one of the following:

  • Add an SNS trigger from the Lambda console in account B.
  • Add a Lambda subscription from the SNS console in account B (the account with the Lambda function).
  • Use the AWS Command Line Interface (AWS CLI) to subscribe a Lambda function.

Add an SNS trigger from the Lambda console in account B

Complete the following steps:

  1. Open the Lambda console.
  2. On the Functions page, select the function that you created earlier.
  3. Select Add trigger.
  4. Choose the Trigger configuration dropdown list, and then select SNS.
  5. Choose Add.
  6. In the SNS Topic field, choose the SNS topic that you previously created.
  7. Choose Add.
  8. Choose the Test tab, and then choose Test to test the configuration.

The SNS topic in account A can now invoke your Lambda function in account B.

Note: When you add the trigger, Lambda automatically adds the necessary permissions for Amazon SNS to invoke your function.

Add a Lambda subscription from the SNS console in account B

Complete the following steps:

  1. Open the Lambda console.
  2. On the Functions page, select the function that you created earlier.
  3. Choose the Configuration tab and then choose Permissions.
  4. From the Resource-based policy statements section, choose Add permissions.
  5. For Edit policy statement, choose AWS service.
  6. Choose the Service dropdown list, and then choose SNS.
  7. For Statement ID, enter AllowSNSToInvokeFunction.
  8. For Source ARN, enter the topic ARN that you created earlier.
  9. For Action, choose lambda:InvokeFunction, and then choose Save.
  10. Open the Amazon SNS console.
  11. In the navigation pane, choose Subscriptions.
  12. Choose Create subscription.
  13. For Topic ARN, enter the SNS topic ARN from account A.
  14. Choose the Protocol dropdown list, and then choose AWS Lambda.
  15. For Endpoint, enter the Lambda function ARN, and then choose Create Subscription.

Use the AWS CLI to subscribe a Lambda function

Note: If you receive errors when you run AWS CLI commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

To subscribe the Lambda function from account B, run the following subscribe command in account B:

aws sns subscribe \
--topic-arn your-topic-arn \
--protocol lambda \
--notification-endpoint your-function-arn \
--region your-region

Note: Replace your-topic-arn with your topic ARN, your-function-arn with your Lambda function ARN, and your-region with your AWS Region.
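The following script is an added example and is not part of the original article. It carries out the CLI version of the steps above: it emits the account A access-policy statement, checks that the two ARNs really belong to different accounts, and then, under account B credentials, grants SNS permission to invoke the function (the CLI equivalent of the Resource-based policy step, scoped with --source-arn to this one topic) before subscribing it. The ARNs, the statement ID AllowSNSToInvokeFunction and the helper function names are assumptions and placeholders.

```shell
#!/usr/bin/env bash
# Added example, not code from the original article. Topic in account A,
# function in account B. ARNs passed in are placeholders you replace.
set -eu

# Field 5 of an ARN is the account ID.
arn_account() { printf '%s' "$1" | cut -d: -f5; }

# Succeed only when the topic and the function live in different accounts.
check_cross_account() {
  [ "$(arn_account "$1")" != "$(arn_account "$2")" ]
}

# Account A side: the access-policy statement that lets account B subscribe.
# The principal is account B's root, not "*", so only that account may
# create subscriptions to this topic.
topic_policy_statement() {
  local account_b=$1 topic_arn=$2
  printf '{"Sid":"Allow-AccountB-To-Subscribe","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::%s:root"},"Action":"sns:Subscribe","Resource":"%s"}\n' \
    "$account_b" "$topic_arn"
}

# Account B side (run with account B credentials): allow SNS to invoke the
# function, restricted by --source-arn to this single topic, then subscribe.
# Without the source ARN condition any SNS topic could invoke the function.
subscribe_cross_account() {
  local topic_arn=$1 function_arn=$2 region=$3
  check_cross_account "$topic_arn" "$function_arn" || {
    echo "topic and function are in the same account; nothing cross-account to do" >&2
    return 1
  }
  aws lambda add-permission \
    --function-name "$function_arn" \
    --statement-id AllowSNSToInvokeFunction \
    --action lambda:InvokeFunction \
    --principal sns.amazonaws.com \
    --source-arn "$topic_arn" \
    --region "$region"
  aws sns subscribe \
    --topic-arn "$topic_arn" \
    --protocol lambda \
    --notification-endpoint "$function_arn" \
    --region "$region"
}

# Only call AWS when invoked as: script <topic-arn> <function-arn> <region>
if [ "$#" -eq 3 ]; then
  subscribe_cross_account "$1" "$2" "$3"
fi
```

Print the statement with topic_policy_statement and paste it into the topic's access policy in account A before running the account B steps.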

Related information

Tutorial: Using AWS Lambda with Amazon Simple Notification Service

Why do I get an authorization error when I try to subscribe my Lambda function to my Amazon SNS topic?