AWS Lambda S3 Bucket Notification via CloudFormation

13
votes

I'm trying to create a Lambda notification via CloudFormation but getting an error about the ARN format being incorrect.

Either my CloudFormation is wrong or it doesn't support the Lambda preview yet.

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "LambdaArn": {
      "Type": "String",
      "Default": "arn:aws:lambda:{some-region}:{some-account-id}:function:{some-fn-name}"
    }
  },
  "Resources": {
    "EventArchive": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "NotificationConfiguration": {
          "TopicConfigurations": [
            {
              "Event": "s3:ObjectCreated:Put",
              "Topic": {
                "Ref": "LambdaArn"
              }
            }
          ]
        }
      }
    }
  }
}

But when I push up this CloudFormation I get the message:

The ARN is not well formed

Does anyone have idea as to what this means? I know the example above has been modified so not to use my actual ARN, but in my actual code I've copied the ARN directly from the GUI.

Also, interestingly I was able to create the notification via the AWS console, and so I just assume that AWS CloudFormation doesn't yet support this feature (even though that's not quite clear I don't think when reading the documentation).

2
amazon-web-servicesamazon-cloudformationaws-lambda

2 Answers

26
votes

It looks like AWS has now released support for notifying lambda functions directly in CloudFormation.

The S3 NotificationConfiguration definition used to only include TopicConfigurations but has been updated to include LambdaConfigurations as well.

After adding the NoficationConfiguration, make sure you include a Lambda::Permission resource so that S3 is allowed to execute your lambda function. Here is an example permission that can be used as a template:

"PhotoBucketExecuteProcessorPermission": {
    "Type" : "AWS::Lambda::Permission",
    "Properties" : {
        "Action":"lambda:invokeFunction",
        "FunctionName": { "Fn::GetAtt": [ "PhotoProcessor", "Arn" ]},
        "Principal": "s3.amazonaws.com",
        "SourceAccount": {"Ref" : "AWS::AccountId" },
        "SourceArn": {
            "Fn::Join": [":", [
                "arn","aws","s3","", ""
                 ,{"Ref" : "PhotoBucketName"}]]
        }
    }
}
2
votes

From the docs:

The Amazon SNS topic to which Amazon S3 reports the specified events.

It appears that although S3 supports sending events to Lambda, CloudFormation has not yet caught up. It expects an SNS ARN where you are providing a Lambda function ARN.

For now, it looks like you will have to hook up the event notification manually.