1

Has anyone ever programmatically added an SNS Topic as a trigger to a Lambda function in AWS and also programmatically enabled it? I am trying the following with the Powershell AWS SDK and can do everything, but enable it.

First, I locate one of my topics (myTopic):

$snsTopicArn = (Get-SNSTopic | {$_.TopicArn -match "myTopic"}).TopicArn

Prepare to subscribe to the lambda endpoint ($lambdaARN)

Connect-SNSNotification -TopicArn $snsTopicArn -Protocol lambda -Endpoint $lambdaArn `
                        -Confirm:$FALSE | Out-Null

Since this function returns a subscription arn and not a token, the documentation has told me to assume that the subscription has been autoconfirmed and does not need a "ConfirmSubscription" (Confirm-SNSSubscription) call.

Next, I add permission to the Lambda's resource policy for this topic to run the Lambda.

Add-LMPermission -FunctionName $lambdaName -Action "lambda:Invoke" `
                 -Principal sns.amazonaws.com -SourceArn $snsTopicArn `
                 -StatementId (Get-Random) | Out-Null

At this point the topic appears in the list of triggers for the topic, but is not enabled.

Any ideas?

Improve this question

1 Answer 1

Reset to default
1

For anyone interested, I found the answer. Turns out typing a valid lambda action is important. :)

After about an hour of chat with AWS support I discovered that I didn't have a valid lambda action specified in the "add permission" call:

lambda:Invoke

It actually should be this:

lambda:InvokeFunction

or this wildcard expression:

lambda:Invoke*

"Invoke" is the function name, not the action (permissions) name. Their relationship is mentioned here: http://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html

When in doubt, AWS has a policy simulator listing all of the AWS actions for their services: https://policysim.aws.amazon.com/

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.