1
votes

Cloudformation snippet for the role

I am creating a serverless architecture model (SAM) using AWS Lambda CloudFormation. I have two lambdas - a frontend lambda and a backend lambda. The frontend lambda is in account A and the backend lambda is in account B. The frontend lambda renders static files from S3 for the UI. When it has to do backend data processing, it should invoke the backend lambda in another AWS account. I do have a role in both the accounts and have trusted both the accounts as well. It is still not able to invoke the backend lambda. How do I invoke the backend lambda using a CloudFormation template?

1
Have you figured out a full working CloudFormation template? – PainPoints

1 Answer

0
votes

Back End:

Your backend lambda needs to give the front end lambda permission to invoke it:

  BackEndLambdaPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: 
        Fn::GetAtt:
          - BackEndLambda
          - Arn
      Principal: <enter principal>
      SourceArn: <front end lambda arn is optional but recommended>

Front End:

Front end, you need to give permission to invoke the other function (this goes in the Policies section of either a Serverless::Function or the Iam::Role, depending on how your lambda is set up):


        - Effect: Allow
          Action:
            - 'lambda:InvokeFunction'
          Resource: "arn:aws:lambda:us-east-1:123456789012:function:function-name"

Pass the function arn into your front end lambda in the Environment property:

       Environment:
         Variables:
           BackEndFunctionArn: "arn:aws:lambda:us-east-1:123456789012:function:function-name"

Invoke the back end lambda from the code of your front end lambda (python example):

import json
import os
import boto3

def invoke_back_end(event=None):
    # Use the sample payload when the caller does not supply one
    if event is None:
        event = {"data": "Hello back end"}
    # Full ARN of the back end function, set in the Environment property above
    function_arn = os.environ.get("BackEndFunctionArn")
    client = boto3.client('lambda')
    # "RequestResponse" is a synchronous invocation. Use "Event" for async
    response = client.invoke(FunctionName=function_arn, Payload=json.dumps(event), InvocationType='RequestResponse')
    return response
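
Added example, not part of the answer above: a pre-deployment check that the two halves of the cross-account grant line up, since the back end's resource-based permission and the front end role's identity policy must both allow the call. The function name `check_cross_account_invoke`, the front end account ID `111111111111` and the sample inputs are constructed for illustration; the function ARN is the placeholder used in the answer.

```python
from fnmatch import fnmatchcase

INVOKE = "lambda:InvokeFunction"
FUNCTION_ARN = "arn:aws:lambda:us-east-1:123456789012:function:function-name"
CALLER_ACCOUNT = "111111111111"  # constructed front end account ID (account A)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows_invoke(actions):
    # IAM action names are case-insensitive and may contain wildcards.
    return any(fnmatchcase(INVOKE.lower(), a.lower()) for a in _as_list(actions))

def check_cross_account_invoke(permission, caller_statements, caller_account, function_arn):
    """Return a list of findings; an empty list means both sides line up."""
    parts = function_arn.split(":")
    if len(parts) < 7 or parts[0] != "arn" or parts[2] != "lambda":
        return ["FunctionName is not a full ARN; a bare name resolves in the caller's own account"]
    findings = []
    # Back end side: Properties of the AWS::Lambda::Permission resource.
    principal = str(permission.get("Principal", ""))
    if not _allows_invoke(permission.get("Action", "")):
        findings.append("permission does not grant lambda:InvokeFunction")
    if principal == "*":
        findings.append("Principal '*' lets any AWS account invoke the function")
    elif principal != caller_account and f":{caller_account}:" not in principal:
        findings.append("Principal does not name the front end account")
    # Front end side: statements attached to the calling function's role.
    matching = [s for s in caller_statements
                if s.get("Effect") == "Allow" and _allows_invoke(s.get("Action", []))
                and any(fnmatchcase(function_arn, r) for r in _as_list(s.get("Resource", [])))]
    if not matching:
        findings.append("front end role has no Allow for lambda:InvokeFunction on this ARN")
    elif any(r == "*" for s in matching for r in _as_list(s["Resource"])):
        findings.append("front end role allows invoke on Resource '*'; scope it to the function ARN")
    return findings

# Constructed inputs: a scoped pair and an over-broad pair.
GOOD_PERMISSION = {"Action": "lambda:InvokeFunction", "Principal": CALLER_ACCOUNT}
GOOD_POLICY = [{"Effect": "Allow", "Action": ["lambda:InvokeFunction"], "Resource": FUNCTION_ARN}]
OPEN_PERMISSION = {"Action": "lambda:InvokeFunction", "Principal": "*"}
OPEN_POLICY = [{"Effect": "Allow", "Action": "lambda:*", "Resource": "*"}]

if __name__ == "__main__":
    print(check_cross_account_invoke(GOOD_PERMISSION, GOOD_POLICY, CALLER_ACCOUNT, FUNCTION_ARN))
    for finding in check_cross_account_invoke(OPEN_PERMISSION, OPEN_POLICY, CALLER_ACCOUNT, FUNCTION_ARN):
        print("FINDING:", finding)
```
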