Disable/Enable Lambda SNS Trigger Programmatically
I need to programmatically disable a lambda's SNS trigger, however, I seem to be unable to do so. I want this to show "Disabled" in the AWS Lambda console for the function:
Here's the code I've tried:

    const AWS = require('aws-sdk');
    const SNS = new AWS.SNS();

    function updateEndpoints(endpoints, enable) {
      const promises = [];
      endpoints.forEach((endpoint) => {
        console.log(`${enable ? 'Enabling' : 'Disabling'} Endpoint: ${endpoint}`);
        promises.push(
          SNS.setEndpointAttributes({
            EndpointArn: endpoint,
            Attributes: {
              Enabled: enable ? 'True' : 'False',
            },
          }).promise()
            .catch((e) => {
              console.error(`Error ${enable ? 'Enabling' : 'Disabling'} Endpoint: ${endpoint}`);
              console.error(e);
            }));
      });
      return Promise.all(promises);
    }

The endpoint ARN is passed in correctly with a string like (with correct values in place of the <> below):

    arn:aws:lambda:<region>:<accountId>:function:<functionName>

This produces an error from AWS for each endpoint I try to enable or disable:

    InvalidParameter: Invalid parameter: EndpointArn Reason: Vendor lambda is not of SNS

Is it not possible to disable the trigger/endpoint for a lambda via SNS? How would one go about doing this? I would prefer not to have to unsubscribe/subscribe as this would take the subscription objects out of CloudFormation's scope (correct?). I looked at updateEventSourceMappings, however, per the documentation, that only works with DynamoDB streams, Kinesis Streams, and SQS -- not SNS.
amazon-web-services aws-lambda aws-sdk
asked Mar 8 at 18:46
Justin Kruse
2 Answers
It appears that there is no capability to "disable" a Lambda subscription to an SNS topic.
I base my reasoning on the following steps I took:
- Created an AWS Lambda function
- Created an Amazon SNS topic
- Subscribed the Lambda function to the SNS topic (done via the SNS console)
- Confirmed in the Lambda console that the function subscription to SNS is "enabled"
- Ran aws sns list-subscriptions-by-topic --topic-arn arn:aws:sns:ap-southeast-2:123456789012:my-topic
- Saw that the Lambda function was subscribed
The response was:

    {
        "Subscriptions": [
            {
                "SubscriptionArn": "arn:aws:sns:ap-southeast-2:123456789012:stack:...",
                "Owner": "123456789012",
                "Protocol": "lambda",
                "Endpoint": "arn:aws:lambda:ap-southeast-2:743112987576:function:my-function",
                "TopicArn": "arn:aws:sns:ap-southeast-2:123456789012:stack"
            }
        ]
    }

I then disabled the trigger in the Lambda console and saved the Lambda function. When I re-ran the above command, the results were empty:

    {
        "Subscriptions": []
    }

When I enabled it again, the subscription returned.
So, my assumption is that, since the "disable/enable" button actually adds and removes a subscription, there does not appear to be any capability to 'disable' a subscription.
answered Mar 9 at 6:35
John Rotenstein
Thanks John! I confirmed this functionality, too. After reading through your answer, I clicked "disable" in the lambda console, went to the SNS Topic console and saw the subscription was deleted. When I clicked "enable", the subscription was then created. So to do this programmatically, I'll need to use the SNS API subscribe/unsubscribe functions.
– Justin Kruse
Mar 11 at 14:19
I found the (100%) correct way to do this. While the answer from @John Rotenstein could be used, it's not quite right, but should still work.
I found when you click the toggle, the lambda's policy is actually updated:
Enabled:

    {
      "Version": "2012-10-17",
      "Id": "default",
      "Statement": [
        {
          "Sid": "my-lambda-1552674933742",
          "Effect": "Allow",
          "Principal": {
            "Service": "sns.amazonaws.com"
          },
          "Action": "lambda:InvokeFunction",
          "Resource": "arn:aws:lambda:us-west-2:1234567890:function:my-lambda",
          "Condition": {
            "ArnLike": {
              "AWS:SourceArn": "arn:aws:sns:us-west-2:1234567890:my-lambda"
            }
          }
        }
      ]
    }

Disabled:

    {
      "Version": "2012-10-17",
      "Id": "default",
      "Statement": [
        {
          "Sid": "my-lambda-1552674933742",
          "Effect": "Allow",
          "Principal": {
            "Service": "sns.amazonaws.com"
          },
          "Action": "lambda:DisableInvokeFunction",
          "Resource": "arn:aws:lambda:us-west-2:1234567890:function:my-lambda",
          "Condition": {
            "ArnLike": {
              "AWS:SourceArn": "arn:aws:sns:us-west-2:1234567890:my-lambda"
            }
          }
        }
      ]
    }

Notice Action is lambda:InvokeFunction vs. lambda:DisableInvokeFunction.
My process to do this is as follows:
- Lambda.listFunctions
- for each function, Lambda.removePermission
- for each function, Lambda.addPermission
Notes:
- The Lambda API has a default safety throttle of 100 concurrent executions per account per region.
- You can only update resource-based policies for Lambda resources within the scope of the AddPermission and AddLayerVersionPermission API actions. You can't author policies for your Lambda resources in JSON, or use conditions that don't map to parameters for those actions. See docs here
Also, you can use Lambda.getPolicy to see the policy of the lambda to ensure it is updated.
answered Mar 15 at 19:13
Justin Kruse
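
The getPolicy / removePermission / addPermission procedure from the second answer, written out as an added example (not code from either answerer or from AWS). A pure planner turns the policy string returned by getPolicy into the parameters for the two calls, and a small executor applies them through an injected AWS SDK for JavaScript v2 style client. The names planSnsTriggerToggle, setSnsTriggerState and SAMPLE_POLICY are hypothetical, the sample policy is constructed from the one in the answer, and the lambda:DisableInvokeFunction action is used as that answer reports it.

```javascript
// Added example; helper names are hypothetical, not part of the AWS SDK.
const SNS_PRINCIPAL = 'sns.amazonaws.com';
const ENABLED_ACTION = 'lambda:InvokeFunction';
// Action value as it appears in the answer's "Disabled" policy (taken from the page).
const DISABLED_ACTION = 'lambda:DisableInvokeFunction';

// Constructed sample: the answer's "Enabled" policy, serialized the way
// Lambda.getPolicy returns it (a JSON string in the `Policy` field).
const SAMPLE_POLICY = JSON.stringify({
  Version: '2012-10-17',
  Id: 'default',
  Statement: [{
    Sid: 'my-lambda-1552674933742',
    Effect: 'Allow',
    Principal: { Service: SNS_PRINCIPAL },
    Action: ENABLED_ACTION,
    Resource: 'arn:aws:lambda:us-west-2:1234567890:function:my-lambda',
    Condition: { ArnLike: { 'AWS:SourceArn': 'arn:aws:sns:us-west-2:1234567890:my-lambda' } },
  }],
});

// Pure planner: decide which SNS statements must be replaced to reach the
// requested state, and with which removePermission/addPermission parameters.
function planSnsTriggerToggle(functionName, policyJson, enable) {
  const wanted = enable ? ENABLED_ACTION : DISABLED_ACTION;
  const plan = { changes: [], skipped: [] };
  const statements = [].concat(JSON.parse(policyJson).Statement || []);
  for (const st of statements) {
    // Only touch statements that grant (or park) invoke rights for SNS.
    if (!st.Principal || st.Principal.Service !== SNS_PRINCIPAL) continue;
    if (st.Action !== ENABLED_ACTION && st.Action !== DISABLED_ACTION) continue;
    const sourceArn = ((st.Condition || {}).ArnLike || {})['AWS:SourceArn'];
    if (!sourceArn) {
      // Never re-create an unscoped grant: without SourceArn the statement
      // is not limited to one topic, so leave it for manual review.
      plan.skipped.push({ sid: st.Sid, reason: 'no AWS:SourceArn condition' });
    } else if (st.Action === wanted) {
      plan.skipped.push({ sid: st.Sid, reason: 'already in requested state' });
    } else {
      plan.changes.push({
        remove: { FunctionName: functionName, StatementId: st.Sid },
        add: {
          FunctionName: functionName,
          StatementId: st.Sid,
          Action: wanted,
          Principal: SNS_PRINCIPAL,
          SourceArn: sourceArn,
        },
      });
    }
  }
  return plan;
}

// Executor: `lambda` is an injected client whose methods return objects with
// .promise(), like `new AWS.Lambda()` in the SDK v2 used in the question.
async function setSnsTriggerState(lambda, functionName, enable) {
  const before = await lambda.getPolicy({ FunctionName: functionName }).promise();
  const plan = planSnsTriggerToggle(functionName, before.Policy, enable);
  for (const { remove, add } of plan.changes) {
    // Sequential on purpose: between these calls the statement does not exist,
    // so a failed addPermission leaves SNS unable to invoke the function.
    await lambda.removePermission(remove).promise();
    await lambda.addPermission(add).promise();
  }
  // Re-read the policy, as the answer suggests, and report Sid -> Action.
  const after = await lambda.getPolicy({ FunctionName: functionName }).promise();
  const statements = [].concat(JSON.parse(after.Policy).Statement || []);
  return { plan, actions: Object.fromEntries(statements.map((s) => [s.Sid, s.Action])) };
}
```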