Can't add s3 notification for lambda using boto3

amazon-web-services amazon-s3 aws-lambda boto3

10,774

One has to add permissions on the lambda end to allow S3 to invoke the lambda function. Beware, if you manually create the event source mapping using the AWS Lambda GUI and then delete the event source mapping, the permission still exists! So you won't get the above error.

However, if you start from scratch and then try to add the notification, the above error will occur.

Permissions are added by:

 client = ...boto3 lambda client
 response = client.add_permission(
     FunctionName=lambda_name,
     StatementId='1',
     Action='lambda:InvokeFunction',
     Principal='s3.amazonaws.com',
     SourceArn=s3_arn,
     SourceAccount='66666666666'
 )

10,774

Author by

RAbraham

I like programming not for the technology aspect but more for how I can use it to communicate the intent of the code easily to decompose a problem into sub-problems beautifully to create maintainable software to design complex systems Hence my interests lie in topics of: Flow Based Programming TDD Functional Programming( MIT Scheme, Scala) DSLs Some books which have influenced me: Refactoring book by Martin Fowler Code Complete Structure and Interpretation of Computer Programs(SICP) Growing Object Oriented Software via tests People who inspire me: Alan Kay

Updated on June 04, 2022

Comments

RAbraham almost 2 years

I want to use boto3 to configure an s3 bucket to invoke an AWS lambda every time an object is created in that bucket. Here is my code:

s3 = ..boto3 resource
bucket_notification = s3.BucketNotification(bucket_name)
lambda_arn = .. arn for lambda

response = bucket_notification.put(
   NotificationConfiguration={'LambdaFunctionConfigurations': [
      {
                'LambdaFunctionArn': lambda_arn,
                'Events': [
                    's3:ObjectCreated:*'
                ],

      },
]})

I get the error:

botocore.exceptions.ClientError: An error occurred (InvalidArgument) when calling the PutBucketNotificationConfiguration operation: Unable to validate the following destination configurations

Lee Netherton over 7 years

Thanks. This saved me a lot of headache. Also, if you are using CloudFormation to deploy your lambda function, then you can add the required permission straight from the template: docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/…
3cheesewheel over 7 years

+1 for this. Ran into the same issue trying to add an s3 notification for an SQS queue; it started working after I added the right permissions/policy on the SQS end.