Setting Up Lambda Functions with S3 Event Triggers

1 hour
  • 8 Learning Objectives

About this Hands-on Lab

Lambda event triggers are extremely useful for automating serverless workflow, as they help trigger Lambda code/logic and have use cases from monitoring to processing online purchase orders and emailing receipts. In this lab, we’ll create a Lambda function from scratch and create an S3 event trigger to execute our Lambda logic.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create IAM Role for Lambda
  1. Create an IAM role for Lambda using the AWS IAM CLI command:

    aws iam create-role --role-name LambdaIAMRole --description "Lambda Role" --assume-role-policy-document file://lambda_assume_role_policy.json --region us-east-1
Create a Policy for the Lambda Function and Attach It to Role
  1. Add a policy:

    aws iam create-policy --policy-name LambdaRolePolicy --policy-document file://lambda_execution_policy.json --region us-east-1
  2. Attach the policy to the role, replacing <POLICY_ARN> with the policy ARN included in the output of the previous command:

    aws iam attach-role-policy --role-name "LambdaIAMRole" --policy-arn <POLICY_ARN> --region us-east-1
Create SNS Topic and Subscribe Your Email Address to It
  1. Create topic:

    aws sns create-topic --name LambdaTopic --region us-east-1
  2. Subscribe an endpoint — for example, your email address — to your topic so that when you publish to the topic, notifications will be sent to your email address. Replace <TOPIC_ARN> with the topic ARN included in the output of the previous command:

    aws sns subscribe --protocol "email" --topic-arn <TOPIC_ARN> --notification-endpoint <EMAIL_ADDRESS> --region us-east-1
  3. Confirm the subscription by clicking on the link in the email you receive after executing the previous command.

Modify Lambda Function with SNS Topic ARN and Zip it into Lambda Deployment Package
  1. Open the file:

  2. Zip the file:

Create Lambda Function
  1. Create a Lambda function, replacing <ROLE_ARN> with yours:
aws lambda create-function --memory-size 128 --function-name my-lambda --runtime python3.7 --handler lambda_function.lambda_handler --zip-file fileb:// --role <ROLE_ARN>
Add Lambda Permission for S3 Service to Invoke Function
  1. Add Lambda permission, replacing <ARN_S3_BUCKET> with the ARN of the S3 bucket provided on the lab page:

    aws lambda add-permission --action lambda:InvokeFunction --principal --statement-id LabS3Trigger --function-name my-lambda --source-arn "<ARN_S3_BUCKET>"
Enable and Add Notification Configuration to S3 Bucket
  1. Open the bucket-trigger-notification.json file:

    vim bucket-trigger-notification.json
  2. Add your Lambda function ARN, which was included in the output when you created your Lambda function.

  3. Enable the notification configuration on the S3 website bucket, replacing <S3_BUCKET_NAME> with the bucket name provided on the lab page:

     aws s3api put-bucket-notification-configuration --bucket <S3_BUCKET_NAME> --notification-configuration file://bucket-trigger-notification.json
Verify Configuration by Uploading a File to Provided S3 Bucket
  1. Upload a file to the bucket, replacing S3_BUCKET_NAME with the bucket name provided on the lab page:

    aws s3 cp lambda_policy.json s3://<S3_BUCKET_NAME>
  2. Once it’s successfully uploaded, check your email. If everything was set up properly and you subscribed to the SNS topic via email, you should receive a notification email with details of the file uploaded to the S3 bucket.

Additional Resources

You've been tasked with notifiying your on-call teams when a certain alarming action occurs within your application. This notification method has to be completely automated and should trigger a function within your environment to take the proper actions to rectify it.

In this lab, remember to note down the following values as you go along executing commands:<br/>

  1. IAM role ARN
  2. IAM policy ARN
  3. Lambda function ARN

You'll need to use the values of the above ARNs in other commands.

Files required for this lab will automatically be downloaded and provided on the spun-up VM with the lag. However, they can also be viewed and pulled down using git clone from:

To begin, open a terminal session and log in to the provided EC2 instance via SSH using the credentials provided:

ssh cloud_user@<PUBLIC IP>

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?