Amazon S3 can publish events (for example, when an object is created in a bucket) to AWS Lambda and invoke your Lambda function by passing the event data as a parameter. This integration enables you to write Lambda functions that process Amazon S3 events. In Amazon S3, you add bucket notification configuration that identifies the type of event that you want Amazon S3 to publish and the Lambda function that you want to invoke.
Note the following about how the Amazon S3 and AWS Lambda integration works:
- Non-stream based (async) model – This is a model (see AWS Lambda Event Source Mapping) in which Amazon S3 monitors a bucket and invokes the Lambda function by passing the event data as a parameter. In this push model, you maintain the event source mapping within Amazon S3 using the bucket notification configuration. In the configuration, you specify the event types that you want Amazon S3 to monitor and which AWS Lambda function you want Amazon S3 to invoke. For more information, see Configuring Amazon S3 Event Notifications in the Amazon Simple Storage Service Developer Guide.
- Asynchronous invocation – AWS Lambda invokes a Lambda function using the Event invocation type (asynchronous invocation). For more information about invocation types, see Invocation Types.
- Event structure – The event your Lambda function receives is for a single object and it provides information, such as the bucket name and object key name.
Note that there are two types of permissions policies that you work with when you set up the end-to-end experience:
- Permissions for your Lambda function – Regardless of what invokes a Lambda function, AWS Lambda executes the function by assuming the IAM role (execution role) that you specify at the time you create the Lambda function. Using the permissions policy associated with this role, you grant your Lambda function the permissions that it needs. For example, if your Lambda function needs to read an object, you grant permissions for the relevant Amazon S3 actions in the permissions policy. For more information, see Manage Permissions: Using an IAM Role (Execution Role).
- Permissions for Amazon S3 to invoke your Lambda function – Amazon S3 cannot invoke your Lambda function without your permission. You grant this permission via the permissions policy associated with the Lambda function.
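The second permission above is the one most often granted too broadly. The following check is an added example, not code from the AWS documentation: it audits a Lambda resource-based policy for statements that let the S3 service principal invoke the function without the `AWS:SourceArn` and `AWS:SourceAccount` condition keys, which tie the grant to one bucket and its owning account. The page does not mention these keys; the policy document, account ID, bucket name and function name are constructed placeholders.

```python
import json

# Constructed sample in the shape of a Lambda resource-based policy document.
# The account ID, bucket name and function name are placeholders.
FN_ARN = "arn:aws:lambda:us-east-1:111122223333:function:example-fn"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {   # Scoped: only this bucket, owned by this account, may invoke.
        "Sid": "s3-invoke-scoped", "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "lambda:InvokeFunction", "Resource": FN_ARN,
        "Condition": {
            "StringEquals": {"AWS:SourceAccount": "111122223333"},
            "ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-bucket"}},
    },
    {   # Unscoped: no condition ties the grant to a bucket or an account.
        "Sid": "s3-invoke-open", "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "lambda:InvokeFunction", "Resource": FN_ARN,
    },
]})

REQUIRED_KEYS = {"aws:sourceaccount", "aws:sourcearn"}  # key names are case-insensitive

def _as_list(value):
    """IAM allows a single string or a list for Action and Principal values."""
    return [value] if isinstance(value, str) else list(value)

def audit_s3_invoke_permissions(policy_json):
    """Map each S3 invoke grant's Sid to the scoping condition keys it lacks."""
    findings = {}
    for st in json.loads(policy_json).get("Statement", []):
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        grants_invoke = any(a in ("lambda:InvokeFunction", "lambda:*", "*")
                            for a in _as_list(st.get("Action", [])))
        if st.get("Effect") != "Allow" or "s3.amazonaws.com" not in services or not grants_invoke:
            continue
        present = {key.lower() for operands in st.get("Condition", {}).values()
                   for key in operands}
        missing = sorted(REQUIRED_KEYS - present)
        if missing:
            findings[st.get("Sid", "<no Sid>")] = missing
    return findings

if __name__ == "__main__":
    print(audit_s3_invoke_permissions(SAMPLE_POLICY))
```

A statement that carries only one of the two keys is also reported, with the missing key named.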
The following diagram summarizes the flow:
- User uploads an object to an S3 bucket (object-created event).
- Amazon S3 detects the object-created event.
- Amazon S3 invokes a Lambda function that is specified in the bucket notification configuration.
- AWS Lambda executes the Lambda function by assuming the execution role that you specified at the time you created the Lambda function.
- The Lambda function executes.