Trigger Lambda Functions Using Amazon SQS in a Different Account

February 3, 2022

Trigger Lambda Functions Using Amazon SQS in a Different Account

Previously, it was only possible to trigger Lambda functions from SQS queues in the same account only. To send data across different accounts, AWS CLI was the only way possible which was kind of tedious.

AWS now allows to trigger Lambda function using SQS queues from different accounts. With certain Lambda function’s execution role permissions and SQS grant cross-account access permissions to Lambda this is easily achievable.

Steps to Configure

Note: Make sure that Lambda function and SQS queue are in same region, though they can be in different account.

1. To get start with, Create an SQS Queue in Account A which will act as an event source for the Lambda function.

While Queue creation,

Set the queue’s Visibility Timeout to at least six times the timeout that you have configured on your Lambda function so that Lambda function’s time can process each message. 

2. Under Access Policy, choose method as Basic

Basic method consists of two definitions

  1. a) Send Messages to the Queue
  2. b) Receive Messages from the Queue.
  3. For Send Messages definition choose Only the queue owner
  4. For Receive Messages definition choose Only the specified AWS accounts, IAM users and roles.
  5. In the dialog box which appears, Enter Account ID/ ARN/ IAM user of the Account B in which the Lambda Function is created.
  6.  After adding the Accounts B details in dialog box, Select Advanced method in order to add policy to Queue which will grant the cross-account Under the JSON object Action, add “SQS:GetQueueAttributes
  7. Scroll down and Click Create Queue. Following Queue will be created.
  8. Create Lambda Function in Account B using the runtime environment of your choice.In code print(event) to view the details of Lambda function triggers.
  9. The Lambda function will need certain permissions to manage the messages in SQS. Go to Configuration on Lambda console and click on Permissions on the left.
    Open the link under the Execution Role and attach the role AWSLambdaSQSQueueExecutionRole. The attached role has 3 main policies
    SQS:ReceiveMessage
    SQS:DeleteMessage
    SQS:GetQueueAttributes
  10. On the Lambda function overview tab, Click +Add trigger. Select SQS from dropdown and in SQS queue box enter the ARN of queue from Account A which the queue was created with cross-account permissions and lastly click Add.
  11. Wait until the added Trigger gets enabled. Confirm the enabling by going to Configuration section and selecting Triggers. Under Triggers section find all the Lambda function triggers which have been added.

Testing: –

  1. On SQS Queue window in source account (Account A), click on Send and Receive Messages.
    In the message body enter the message. There is an option to send the messages in the form of attributes as well. After entering the message click Send Message.
  2. After clicking Send Messages, the message is sent to the Lambda function which is in different account (Account B). The function gets triggered once it receives the message from SQS Queue. To confirm that Lambda trigger and message received, click on Monitor section, and click on View Logs in CloudWatch.
  3. In CloudWatch Log streams you can confirm the message send from the source account (Account A).

Written by – Chaitanya Suhas Karadkhedkar

Cloud Computing Insights and Resources

What is a Hybrid Cloud Strategy? What are its Advantages?

A hybrid cloud strategy is a method that companies use to decide which portions of hybrid cloud infrastructure are most …

What is a Hybrid Cloud Strategy? What are its Advantages? Read More »

AWS Launches the Second Infrastructure Region in India – Hyderabad

On November 22, 2022, AWS launched its new AWS region in Hyderabad. The AWS Asia-Pacific Hyderabad region is the second …

AWS Launches the Second Infrastructure Region in India – Hyderabad Read More »

Three Ways Cloud is Improving Customer Experience

Three Ways Cloud is Improving Customer Experience 

Ever since the cloud rose to popularity in the 2000s owing to its various advantages over traditional computing, businesses have …

Three Ways Cloud is Improving Customer Experience  Read More »