1 Answer
- Newest
- Most votes
- Most comments
0
It seems like prmissions for Amazon S3 to invoke your Lambda function is missing.
If you are doing through eventbridge rule, then here is how you can add if deploying through cloudformation.
rLambdaInvokePermission:
Type: 'AWS::Lambda::Permission'
Properties:
FunctionName: !Ref myLambdaFunction
Action: 'lambda:InvokeFunction'
Principal: events.amazonaws.com
SourceArn: !GetAtt rEventRule.Arn
If you are using s3 event trigger, then refer LambdaInvokePermission portion at this re:Post thread, which covers this step by step.
Please refer AWS Documentation for more details.
Hope you find this useful.
Comment here if you have additional questions, happy to help.
Abhishek
Relevant content
- Edit Lambda trigger events not possible. Unable to validate the following destination configurationsAccepted Answerasked 3 months ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 23 days ago
If my permissions are missing, why does it work for the other 6 functions with the same permissions working? Also, this answer references resources I have already reviewed which I included in my post.
I understand that's working for other six lambda functions but have you added these permissions to this lambda function?
These permissions are resource based permission and have to be associated with each resource(lambda in this case).
Do you see s3 event as trigger added to your lambda function? Also for that lambda function -> Go to Configuration -> Permissions -> Resource-based policy statements -> See if you are able to find the policy for your s3 bucket/prefix there. This error comes when this resource policy is missing.
Another thing, I'd do to isolate the issue, try creating the s3 event notification for All object create events(s3:ObjectCreated:*) instead of just PutObject, as if file size is big then "Multipart upload completed(s3:ObjectCreated:CompleteMultipartUpload)" would be the event and in case of file copy between s3 buckets, "Copy(s3:ObjectCreated:Copy)" would be the event.
The permissions are identical for each lambda function which include the LambdaInvokePermission (found in the stackoverflow link in my question above), for the 6 other functions and the new function. The 'All object create events' have been used for each function as well and the new ones still are failing to create. As stated in my question, the configuration for the resource-based policy statements are the same for the new and old functions.