
I'm using CloudFormation to deploy a stack, whereby a file upload to an existing S3 bucket and object triggers a Lambda function. The stack deploys without errors; however, in the UI the connection between the S3 and Lambda resources is not shown, therefore triggering cannot take place.

I've seen quite a few posts already regarding this topic, all with different flavours to the setup I require. In addition, I have seen `!ImportValue` used, as seen here; however, the parameter `Bucket` is not recognised.

As mentioned already, the S3 bucket and object exist already, so I need to somehow reference an already existing resource in my template.yml. The current status is:

      MyTrigger:
        Type: AWS::Serverless::Function
        Properties:
          FunctionName: !Ref LambdaModuleName
          CodeUri: src/my_module
          Handler: app.lambda_handler
          Runtime: python3.9
          MemorySize: 7500
          Timeout: 600
          ReservedConcurrentExecutions: 1
    
          Policies:
            - AWSLambdaExecute
            - AWSLambdaVPCAccessExecutionRole
            - Statement:
                - Sid: StagingS3DeleteCreate
                  Effect: Allow
                  Action:
                    - s3:DeleteObject*
                    - s3:PutObject*
                  Resource:
                    - arn:aws:s3:::bucket1/folder1/folder2/*
                - Sid: StagingS3List
                  Effect: Allow
                  Action:
                    - s3:List*
                  Resource:
                    - arn:aws:s3:::*
    
      # Permissions
      AllowS3ToCallLambdaPermission:
        Type: AWS::Lambda::Permission
        Properties:
          Action: 'lambda:InvokeFunction'
          FunctionName: !Ref MyTrigger
          Principal: s3.amazonaws.com
          SourceArn: arn:aws:s3:::bucket1/folder1/folder2/

My question is: how can I deploy a stack and reference this existing bucket and object, so that it triggers the Lambda upon a file upload?

UPDATE

Added:

      StagingBucket:
        Type: "AWS::S3::Bucket"
        DeletionPolicy: Retain
        Properties:
          BucketName: !Ref S3SourceBucket

where:

      S3SourceBucket:
        Type: String
        Default: "mybucket"

pymat

1 Answer

You have set the IAM permissions, but not actually enabled the notifications.

The S3 Bucket Notification Configuration is a property of the S3 bucket itself. You won't be able to add it to a bucket that is not part of this stack. You can fix this by importing the existing AWS::S3::Bucket resource so that it's part of, and managed by, the stack.

Once the existing bucket has been imported into the stack, you can set its LambdaConfiguration, which tells S3 which Lambda to invoke and when.

fedonev
  • Thank you for that. I added a bucket resource (see Edit above), but to no avail, as the stack won't deploy. I wanted to add this first before making the link with the Lambda. Do you know where I am going wrong? – pymat Jun 09 '22 at 17:21
  • @pymat Did you follow the resource import instructions linked in the answer? Simply adding an existing bucket by name won't work. Also, bucket names cannot contain the `/` character. – fedonev Jun 09 '22 at 17:38
  • Yes I took a look at that and saw the examples whereby this was incorporated in the template.yml (as per my example) above. I used just the bucket instead of the object too, but it didn't deploy. – pymat Jun 10 '22 at 09:51
  • Going by the documentation, I get CREATE_FAILED bucket exists. Obviously the bucket is already there, but I'm not sure why it just doesn't import. In the above, I changed to "Default: bucketxyz" and removed the subfolders. – pymat Jun 10 '22 at 13:26
  • @pymat Importing a resource to a stack involves several steps using the CLI or Console. Specifically, you create and execute a CloudFormation change set of the type `--change-set-type IMPORT`. The docs referenced in the answer have [step-by-step examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-existing-stack.html). – fedonev Jun 13 '22 at 06:50
  • Thanks, I created a new ticket that is more specific: https://stackoverflow.com/questions/62548918/specifying-an-s3-bucket-when-deploying-a-cloudformation-template – pymat Jun 14 '22 at 16:27
  • @pymat I have answered your [follow-up question](https://stackoverflow.com/questions/72615501/confusion-with-aws-resources-to-import-and-template-url). – fedonev Jun 17 '22 at 14:09
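
What the template can look like once the bucket has been imported as the answer describes, as an added example that is not part of the original question or answer. The bucket name `bucket1` and prefix `folder1/folder2/` are taken from the question; `DependsOn`, `SourceAccount`, the omitted `FunctionName` and the narrowed list statement are assumptions added here.

```yaml
# Added example. Stage 1: import the bucket with a change set of type IMPORT,
# declaring only BucketName + DeletionPolicy. Stage 2: apply this as an update.
Transform: AWS::Serverless-2016-10-31
Parameters:
  S3SourceBucket:
    Type: String
    Default: bucket1              # bucket name only: no "/" and no key prefix
Resources:
  StagingBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain        # required on a resource that is imported
    DependsOn: AllowS3ToCallLambdaPermission   # permission must exist first
    Properties:
      BucketName: !Ref S3SourceBucket
      NotificationConfiguration:
        LambdaConfigurations:
          # Also fires for objects the function itself writes under the prefix.
          - Event: s3:ObjectCreated:*
            Function: !GetAtt MyTrigger.Arn
            Filter:
              S3Key:
                Rules:
                  - Name: prefix
                    Value: folder1/folder2/   # the "folder" is a key filter
  AllowS3ToCallLambdaPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref MyTrigger
      Principal: s3.amazonaws.com
      SourceArn: !Sub arn:aws:s3:::${S3SourceBucket}   # bucket ARN, no key
      SourceAccount: !Ref AWS::AccountId   # reject same-named foreign bucket
  MyTrigger:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/my_module
      Handler: app.lambda_handler
      Runtime: python3.9
      MemorySize: 7500
      Timeout: 600
      ReservedConcurrentExecutions: 1
      Policies:
        - AWSLambdaExecute
        - AWSLambdaVPCAccessExecutionRole
        - Statement:
            - Sid: StagingS3DeleteCreate
              Effect: Allow
              Action: [s3:DeleteObject*, s3:PutObject*]
              Resource: !Sub arn:aws:s3:::${S3SourceBucket}/folder1/folder2/*
            - {Sid: StagingS3List, Effect: Allow, Action: s3:ListBucket,
               Resource: !Sub "arn:aws:s3:::${S3SourceBucket}"}
```

`SourceArn` is built from the parameter rather than `!GetAtt StagingBucket.Arn` so that the bucket can depend on the permission without creating a circular reference.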