0
votes

Is there any way to get the AWS account ID in an SNS topic event delivered to the subscriber? In my case, I want multiple customer accounts to be able to trigger their S3 putObject events to a given SNS topic ARN, which is in my account, and I have a Lambda method subscribed to that topic. I now get the event payload in my Lambda handler whenever a customer puts an object into an S3 bucket. But as I said, there will be many customers, so my Lambda needs to work out which customer the incoming event is from. So I need the customer account ID to be available in the SNS event payload. Is that possible?

2
Sorry, but your question is confusing. Could you please Edit your question, and explain exactly which entities (SNS, Lambda, publisher) are in which Account, and also describe the complete end-to-end flow you are seeking. Thank you. - John Rotenstein
@JohnRotenstein updated my question, please have a read. - Biswa Bandhu Bhandary

2 Answers

0
votes

The schema received by the subscriber already contains the ARNs of both the subscriber and the topic. Here is the schema. We can parse the accountId from it.

    "TopicArn": "arn:aws:sns:us-east-2:123456789012:sns-lambda"
    "EventSubscriptionArn": "arn:aws:sns:us-east-2:123456789012:sns-lambda:21be56ed-a058-49f5-8c98-aedd2564c486"

0
votes

It appears that your situation is:

  • Multiple AWS Accounts have Amazon S3 buckets with an Amazon S3 Event configured to trigger your AWS Lambda function
  • You want the ability for the Lambda function to detect which account triggered the event

I don't think that this information is available. Here is a sample S3 Put event from the AWS Lambda "Test" console:

{
  "Records": [
    {
      "eventVersion": "2.0",
      "eventSource": "aws:s3",
      "awsRegion": "ap-southeast-2",
      "eventTime": "1970-01-01T00:00:00.000Z",
      "eventName": "ObjectCreated:Put",
      "userIdentity": {
        "principalId": "EXAMPLE"
      },
      "requestParameters": {
        "sourceIPAddress": "127.0.0.1"
      },
      "responseElements": {
        "x-amz-request-id": "EXAMPLE123456789",
        "x-amz-id-2": "EXAMPLE123/5678abcdefghijklambdaisawesome/mnopqrstuvwxyzABCDEFGH"
      },
      "s3": {
        "s3SchemaVersion": "1.0",
        "configurationId": "testConfigRule",
        "bucket": {
          "name": "example-bucket",
          "ownerIdentity": {
            "principalId": "EXAMPLE"
          },
          "arn": "arn:aws:s3:::example-bucket"
        },
        "object": {
          "key": "test/key",
          "size": 1024,
          "eTag": "0123456789abcdef0123456789abcdef",
          "sequencer": "0A1B2C3D4E5F678901"
        }
      }
    }
  ]
}

There does not appear to be a field containing the Account ID of the source bucket.

To confirm this, I triggered an event on an S3 bucket and logged the event. I could not find any reference to an AWS Account ID.
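Added example (not part of either answer, and not AWS code): the two ARNs quoted in the first answer and a trimmed copy of the S3 record from the second, wrapped in a constructed SNS envelope, with the account field of every ARN extracted. The SNS ARNs carry the account that owns the topic, while the S3 bucket ARN has an empty account field; `parse_arn`, `account_fields` and the sample constants are hypothetical names.

```python
import json

def parse_arn(arn):
    """Split an ARN into named fields; the resource part may itself contain ':'."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    keys = ("prefix", "partition", "service", "region", "account", "resource")
    return dict(zip(keys, parts))

def account_fields(sns_event):
    """For each SNS record, report the account field of every ARN it carries."""
    rows = []
    for record in sns_event["Records"]:
        sns = record["Sns"]
        row = {
            "topic_account": parse_arn(sns["TopicArn"])["account"],
            "subscription_account": parse_arn(record["EventSubscriptionArn"])["account"],
            "buckets": [],
        }
        # S3 delivers its notification as a JSON string in Sns.Message.
        # Other publishers may send plain text, and S3 also sends an
        # s3:TestEvent message that has no "Records" key.
        try:
            body = json.loads(sns["Message"])
        except json.JSONDecodeError:
            body = {}
        for s3_record in (body.get("Records", []) if isinstance(body, dict) else []):
            bucket = s3_record["s3"]["bucket"]
            row["buckets"].append({
                "name": bucket["name"],
                "arn_account": parse_arn(bucket["arn"])["account"],
                "owner_principal": bucket["ownerIdentity"]["principalId"],
            })
        rows.append(row)
    return rows

# Constructed sample input: values copied from the two answers above.
S3_MESSAGE = json.dumps({"Records": [{
    "eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
    "s3": {"bucket": {"name": "example-bucket",
                      "ownerIdentity": {"principalId": "EXAMPLE"},
                      "arn": "arn:aws:s3:::example-bucket"},
           "object": {"key": "test/key", "size": 1024}}}]})
SAMPLE_EVENT = {"Records": [{
    "EventSource": "aws:sns",
    "EventSubscriptionArn": "arn:aws:sns:us-east-2:123456789012:sns-lambda:21be56ed-a058-49f5-8c98-aedd2564c486",
    "Sns": {"TopicArn": "arn:aws:sns:us-east-2:123456789012:sns-lambda",
            "Message": S3_MESSAGE}}]}
```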