Cross Account + Cross Region Lambda invocation

  • Invoker function
import json
import boto3
def lambda_handler(event, context):
# mention cross region here
client = boto3.client('lambda', region_name='us-west-1')
# function you need to invoke from cross account/region
response = client.invoke(FunctionName='arn:aws:lambda:us-west-1:110987654321:function:invokee', InvocationType='RequestResponse')

responsefinal = json.load(response['Payload'])
print(responsefinal)
return {
'statusCode': 200,
'body': json.dumps('Hello from Lambda from invoker function!')
}
  • Invokee function
import json
import boto3
def lambda_handler(event, context):
# TODO implement
boto3.client('lambda',region_name='us-west-1')
return {
'statusCode': 200,
'body': json.dumps('Hello from Lambda from invokee!')
}
{
"Version": "2012–10–17",
"Statement": {
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::110987654321:role/service-role/invokee-role"
}
}
{
"Version": "2012–10–17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789101:role/service-role/invoker-function-eu-west2-role"
},
"Action": "sts:AssumeRole"
}
]
}
{
"Version": "2012–10–17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789101:role/service-role/invoker-function-eu-west2-role"
},
"Action": "sts:AssumeRole"
}
]
}
  • Go to the Permissions tab of the Invokee function and go to Resource policy and add the following:
    Statement ID: any unique ID
    Principal: arn:aws:iam::123456789101:role/service-role/invoker-function-eu-west2-role
    Action: lambda:InvokeFunction
{
"Version": "2012–10–17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:*:*:*"
}
]
}

--

--

--

Cloud Architect | DevOps Practitioner | Learner

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Scrum Toolkit: Agile Estimation Technique by Compare

Why Scrum Isn’t Always The Best Method, Lessons Learned at Facebook w/Nimrod Priell

LeetCode — Non-negative Integers without Consecutive Ones

Bug: Sitecore SXA 10.0–10.1.2 Multisite Link Provider

LeetCode — Rotate List

Logical vs. Syntactical Errors in Code

About the prefetch count in RabbitMQ…

Making the Software Interview Work for You — Tip #1

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Atit Shah

Atit Shah

Cloud Architect | DevOps Practitioner | Learner

More from Medium

Setting Up a Load Balancer With HAProxy

API Gateway — Custom Authorizer arn changes not reflecting — Authorizer Error

Implementing trust for your enterprise API’s

Securing Large API Ecosystems