Trigger Lambda Functions Using Amazon SQS in a Different Account

February 3, 2022

Previously, Lambda functions could be triggered only from SQS queues in the same account. To send data across different accounts, the AWS CLI was the only option, which was rather tedious.

AWS now allows a Lambda function to be triggered by an SQS queue in a different account. This is easily achievable with the right permissions on the Lambda function’s execution role and a queue policy that grants cross-account access to Lambda.

Steps to Configure

Note: Make sure that the Lambda function and the SQS queue are in the same region, though they can be in different accounts.

1. To get started, create an SQS queue in Account A, which will act as the event source for the Lambda function.

While creating the queue:

Set the queue’s Visibility Timeout to at least six times the timeout that you have configured on your Lambda function, so that the Lambda function has time to process each message.

2. Under Access Policy, choose the Basic method.

The Basic method consists of two definitions:

  a) Send Messages to the Queue
  b) Receive Messages from the Queue

  3. For the Send Messages definition, choose Only the queue owner.
  4. For the Receive Messages definition, choose Only the specified AWS accounts, IAM users and roles.
  5. In the dialog box that appears, enter the Account ID/ ARN/ IAM user of Account B, in which the Lambda function is created.
  6. After adding Account B's details in the dialog box, select the Advanced method in order to add the policy to the queue which will grant the cross-account access. Under the JSON object Action, add “SQS:GetQueueAttributes”.
  7. Scroll down and click Create Queue. The queue will be created.
  8. Create a Lambda function in Account B using the runtime environment of your choice. In the code, print(event) to view the details of the events that trigger the Lambda function.
  9. The Lambda function needs certain permissions to manage the messages in SQS. Go to Configuration on the Lambda console and click Permissions on the left.
    Open the link under Execution Role and attach the AWS managed policy AWSLambdaSQSQueueExecutionRole to the role. The attached policy grants 3 main SQS actions:
    SQS:ReceiveMessage
    SQS:DeleteMessage
    SQS:GetQueueAttributes
  10. On the Lambda function overview tab, click +Add trigger. Select SQS from the dropdown, enter the ARN of the queue that was created in Account A with cross-account permissions in the SQS queue box, and click Add.
  11. Wait until the added trigger is enabled. Confirm this by going to the Configuration section and selecting Triggers. The Triggers section lists all the triggers that have been added to the Lambda function.
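
The following check is an added example, not part of the original post: it audits a queue access policy against the settings in the steps above (the three actions from step 9 granted to Account B, no open principal, and the visibility timeout rule from step 1). The account IDs, queue name, function name and sample policy are constructed, and applying the step 9 action list to the queue policy is an assumption of this example.

```python
# Actions the page lists for the Lambda poller (step 9); assumed here to be
# what the queue policy must also grant to Account B.
REQUIRED = {"sqs:receivemessage", "sqs:deletemessage", "sqs:getqueueattributes"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # Accepts a bare 12-digit account ID or an IAM ARN (arn:aws:iam::<id>:...).
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def audit_queue(policy, consumer_account, visibility_timeout, function_timeout):
    """Return a list of findings for a cross-account SQS -> Lambda setup."""
    findings, granted = [], set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        for p in aws:
            if p == "*" and "Condition" not in stmt:
                findings.append("wildcard principal without Condition: " + stmt.get("Sid", "?"))
            elif _account_of(p) == consumer_account:
                granted |= actions
    if "sqs:*" in granted:
        findings.append("consumer account granted sqs:* (broader than needed)")
    else:
        for action in sorted(REQUIRED - granted):
            findings.append("consumer account lacks " + action)
    if visibility_timeout < 6 * function_timeout:
        findings.append("visibility timeout below 6x function timeout")
    return findings

# Constructed sample: receive access for Account B, GetQueueAttributes missing.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "owner", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
     "Action": "SQS:*", "Resource": "arn:aws:sqs:us-east-1:111111111111:demo"},
    {"Sid": "receiver", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": ["SQS:ReceiveMessage", "SQS:DeleteMessage", "SQS:ChangeMessageVisibility"],
     "Resource": "arn:aws:sqs:us-east-1:111111111111:demo"},
]}

if __name__ == "__main__":
    for finding in audit_queue(SAMPLE, "222222222222", 30, 10):
        print(finding)
```

With the sample values (30-second visibility timeout, 10-second function timeout) the audit reports the missing SQS:GetQueueAttributes grant and the short visibility timeout.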

Testing

  1. In the SQS queue window in the source account (Account A), click Send and Receive Messages.
    Enter the message in the message body. There is an option to send messages in the form of attributes as well. After entering the message, click Send Message.
  2. After you click Send Message, the message is sent to the Lambda function in the other account (Account B). The function is triggered once it receives the message from the SQS queue. To confirm that the Lambda function was triggered and the message was received, open the Monitor section and click View Logs in CloudWatch.
  3. In the CloudWatch log streams you can confirm the message sent from the source account (Account A).

Written by – Chaitanya Suhas Karadkhedkar
