299345 (2) [Avatar] Offline
#1
When I configure S3 event to send to Lambda, it says it doesn't have permission to invoke Lambda. But when I configured Trigger from Lambda console, it worked. Should we configure a permission before we configure S3 event?
Peter Sbarski (15) [Avatar] Offline
#2
Hi, no, you shouldn't have to configure permissions to trigger a Lambda function from S3. Permissions should be granted to you automatically when you configure the event in S3. Does this happen all the time to you? Would you be able to post a screenshot?

Thanks,
Peter
460353 (5) [Avatar] Offline
#3
The same happened for me. I had to add the trigger from the lambda side, which created the necessary permission.

As far as I can tell, the end result is the same.

Essentially the same as this:

https://forums.aws.amazon.com/thread.jspa?threadID=182758

Edward J. Stembler (7) [Avatar] Offline
#4
I'm getting the same error when I try to save the event:

Unable to validate the following destination configurations. Not authorized to invoke function [arn:aws:lambda:us-east-1:nnnn:function:transcode-video]. (arn:aws:lambda:us-east-1:nnnn:function:transcode-video, null)


It doesn't let me continue...
Edward J. Stembler (7) [Avatar] Offline
#5
Maybe things have changed? I found this on the AWS docs:

Step 3.1: Add Permissions to the Lambda Function's Access Permissions Policy

This illustrates how to do this via the CLI. I didn't see a way to do the equivalent via the Console...

Peter Sbarski wrote:Hi, no, you shouldn't have to configure permissions to trigger a Lambda function from S3. Permissions should be granted to you automatically when you configure the event in S3. Does this happen all the time to you? Would you be able to post a screenshot?

Thanks,
Peter
Peter Sbarski (15) [Avatar] Offline
#6
Hi everyone, it seems that this issue happens the very first time you set up S3 to invoke Lambda. It seems to be a bit of a bug with the S3 console so I have added a note about it to chapter 3. Please see instructions below.

Permissions error
If this is your first time connecting S3 to Lambda, you may see a permissions error. If that happens, you'll need to use Lambda’s console to set up the event instead:
- In the AWS console click Lambda.
- Select the transcode-video function.
- Select the Triggers tab.
- Select Add trigger.
- Click on the box in the popup and select S3.
- Select the upload bucket and set event type as Object Created (All).
- Select Submit to finish.

(And, once you have followed the above steps, you'll be able to connect S3 to Lambda as per all other instructions in the book. Everything should work)
Edward J. Stembler (7) [Avatar] Offline
#7
That worked, thanks!

Peter Sbarski wrote:Hi everyone, it seems that this issue happens the very first time you set up S3 to invoke Lambda. It seems to be a bit of a bug with the S3 console so I have added a note about it to chapter 3. Please see instructions below.

Permissions error
If this is your first time connecting S3 to Lambda, you may see a permissions error. If that happens, you'll need to use Lambda’s console to set up the event instead:
- In the AWS console click Lambda.
- Select the transcode-video function.
- Select the Triggers tab.
- Select Add trigger.
- Click on the box in the popup and select S3.
- Select the upload bucket and set event type as Object Created (All).
- Select Submit to finish.

(And, once you have followed the above steps, you'll be able to connect S3 to Lambda as per all other instructions in the book. Everything should work)
Claudio Rodriguez (1) [Avatar] Offline
#8
Peter Sbarski wrote:Hi everyone [edited]


Thanks Peter this worked perfectly, I'm using serverless to do this for me, it looks something like this:

package:
  individually: true
  exclude:
    - ./**

plugins:
 - serverless-external-s3-event

service: transcode-video

provider:
  name: aws
  runtime: nodejs6.10
  region: us-east-1
  iamRoleStatements:
    -  Effect: "Allow"
       Action:
         - "s3:PutBucketNotification"
       Resource:
         Fn::Join:
           - ""
           - "arn:aws:s3:::serverless-video-upload-cbrr"

functions:
  TranscodeVideo:
    handler: handler.TranscodeVideo
    role: arn:aws:iam::therolestuff
    package:
      include:
        - handler.js
        - serverless.yml
    events:
      - existingS3:
          bucket: serverless-video-upload-cbrr
          event: s3:ObjectCreated:*
          rules:
            - prefix: videos/
    memorySize: 128
    timeout: 15


Which is the same process you mentioned.