Multiple triggers on S3 bucket?

Scratching my head on this one, maybe it's not possible but I can't see why not if so.

I have an S3 bucket with two event notifications configured.

The first is for Put of objects with prefix 'CB' and suffix '.eml'. The target is a lambda function called 'Reporter'.
The second is for Put and Delete of objects with prefix 'CB' and suffix '.zip'. The target is a lambda function called 'Launcher'.

The second works fine: the Launcher function is called with the correct event when a matching object is added or removed from the bucket. However the first one never fires, as there are no log streams generated in the log group for the lambda function.

Is there any obvious reason? e.g. only one trigger is allowed per bucket? I don't really know how to troubleshoot this further, as there are no logs that I'm aware of that would contain a "trigger failed" entry.

The configuration looks fine:

$ aws s3api get-bucket-notification-configuration --bucket <bucket_name>
{
    "LambdaFunctionConfigurations": [
        {
            "Id": "Launch/Terminate trigger",
            "LambdaFunctionArn": "arn:aws:lambda:eu-west-1:<acc_id>:function:Launcher",
            "Events": [
                "s3:ObjectCreated:*",
                "s3:ObjectRemoved:*"
            ],
            "Filter": {
                "Key": {
                    "FilterRules": [
                        {
                            "Name": "Prefix",
                            "Value": "CB"
                        },
                        {
                            "Name": "Suffix",
                            "Value": ".zip"
                        }
                    ]
                }
            }
        },
        {
            "Id": "Email trigger",
            "LambdaFunctionArn": "arn:aws:lambda:eu-west-1:<acc_id>:function:Reporter",
            "Events": [
                "s3:ObjectCreated:*"
            ],
            "Filter": {
                "Key": {
                    "FilterRules": [
                        {
                            "Name": "Prefix",
                            "Value": "CB"
                        },
                        {
                            "Name": "Suffix",
                            "Value": ".eml"
                        }
                    ]
                }
            }
        }
    ]
}

The S3 permissions on each of the target lambda functions are also OK:

Reporter lambda permissions:

Statement ID trigger-Reporter
Principal s3.amazonaws.com
Effect Allow
Action lambda:InvokeFunction
Conditions
{
  "ArnLike": {
        "AWS:SourceArn": "arn:aws:s3:::<bucket_name>"
  }
}

Launcher lambda permissions:

Statement ID trigger-Launcher
Principal s3.amazonaws.com
Effect Allow
Action lambda:InvokeFunction
Conditions
{
  "ArnLike": {
        "AWS:SourceArn": "arn:aws:s3:::<bucket_name>"
  }
}

Thanks,

David

Topics

Storage Serverless Compute

Tags

Amazon Simple Storage Service AWS Lambda

Language

English

dmb0058

asked a month ago406 views

2 Answers

Newest
Most votes
Most comments

Accepted Answer

Hello.

I tested it with the same settings as below in my AWS account.
It was confirmed that when the file "CB-test.eml" is uploaded, the Lambda function "testfunc" runs, and when the file "CB-test.zip" is uploaded, the Lambda function "s3test" runs.
Therefore, I don't think there is any problem with multiple settings.
There may be a problem with the file name you are uploading.

{
    "LambdaFunctionConfigurations": [
        {
            "Id": "test",
            "LambdaFunctionArn": "arn:aws:lambda:ap-northeast-1:111111111111:function:s3test",
            "Events": [
                "s3:ObjectCreated:*",
                "s3:ObjectRemoved:*"
            ],
            "Filter": {
                "Key": {
                    "FilterRules": [
                        {
                            "Name": "Prefix",
                            "Value": "CB"
                        },
                        {
                            "Name": "Suffix",
                            "Value": ".zip"
                        }
                    ]
                }
            }
        },
        {
            "Id": "test1",
            "LambdaFunctionArn": "arn:aws:lambda:ap-northeast-1:111111111111:function:testfunc",
            "Events": [
                "s3:ObjectCreated:*"
            ],
            "Filter": {
                "Key": {
                    "FilterRules": [
                        {
                            "Name": "Prefix",
                            "Value": "CB"
                        },
                        {
                            "Name": "Suffix",
                            "Value": ".eml"
                        }
                    ]
                }
            }
        }
    ]
}

EXPERT

Riku_Kobayashi

answered a month ago

EXPERT

Oleksii Bebych

reviewed a month ago

EXPERT

SriniV

reviewed a month ago

EXPERT

iBehr

reviewed a month ago

EXPERT

Didier_Durand

reviewed a month ago

dmb0058
a month ago
That's good news - at least it confirms that my understanding of how it should work is correct, and I'm not going crazy :)

I think you're right that the event filter isn't being matched and I'll re-check this again. It did occur to me earlier that the filename might have a hidden space or control character as the first character or something like that, but I haven't found a problem so far.

David

I found the (self-inflicted) answers to my problem so I thought I'd put it here in case it helps anyone.

The Reporter lambda probably was being called, but it had a syntax error (a class I hadn't imported after the last change). I discovered this when I re-ran my test code from the lambda dashboard;
Once the error was fixed, the lambda ran (it delivered the expected email) but produced no CloudWatch log streams. This was because the lambda's IAM role didn't include a policy that would give it permission to create or write to Cloud Watch. Once I added "CloudWatchFullAccessV2" everything worked as expected.

Pilot error again :)

David

dmb0058

answered a month ago

Relevant content

Trigger Glue Crawler with S3 bucket event
Accepted Answer
Samdani
asked 10 months ago
"Bucket name already exists", but it is not listed on the S3 Mgmt Console
RizlanShah
asked 6 years ago
Why is CloudFront returning 403 on two specific files in my S3 bucket?
Accepted Answer
Amelo
asked 4 months ago
Is it not possible download all files from one S3 bucket?
rePost-User-4022341
asked 2 years ago
How can I use CloudFormation to create an Amazon S3 notification configuration for Lambda on an existing S3 bucket?
AWS OFFICIALUpdated a year ago
Why can't I copy an object between two Amazon S3 buckets?
AWS OFFICIALUpdated a year ago
Why do I get the error "Configuration is ambiguously defined" when creating an Amazon S3 event notification to trigger my Lambda function?
AWS OFFICIALUpdated 2 years ago
How can I use a CloudFormation resource import to create an Amazon S3 notification configuration for Lambda on an existing S3 bucket?
AWS OFFICIALUpdated 2 years ago
Unable to access the S3 bucket after the IAM user was recreated
EXPERT
Tyler
published 2 months ago
Cost effective methods for accessing S3 buckets cross-region
EXPERT
AWS-User-5738042
published 4 days ago