I have a lambda function in Account A which will retrieve data from a source. This lambda will then need to trigger off a lambda in Account B in order to pass this data to it which then will be uploaded to DynamoDB.
I understand there will be some sort of cross-account-permissions required but am a little unsure if I need to allow these permissions in Account A or Account B. I can see on AWS examples of triggering a lambda from an S3 bucket but that’s not helping with what I want to do.
I could potentially have an API Gateway in the middle for Lambda A to interact with Lambda B but that’s just adding an extra resource that’s not really required.
2 Answers
Your AWS Lambda function in account A would call the Lambda.invoke() method in the AWS SDK for whatever programming language you are writing the Lambda function with.
Account B Lambda is the one being called, so Account B has to give permission to Account A to make that call.
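Added example, not part of the original answer: the two policy documents involved in the cross-account call, with a simplified check that both sides allow it, plus the arguments Lambda A would pass to the SDK's invoke call. The account IDs, role name, function name and region are constructed placeholders, and the evaluator only handles exact matches and "*" (no Deny statements, wildcards or conditions).

```python
import json

# Constructed placeholder identifiers (assumptions, not from the post).
CALLER_ROLE = "arn:aws:iam::111111111111:role/lambda-a-exec-role"      # Account A
TARGET_FN = "arn:aws:lambda:eu-west-1:222222222222:function:lambda-b"  # Account B

def resource_policy(fn_arn, caller_role_arn):
    """Attached to the function in Account B: names the single role allowed to invoke."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowInvokeFromAccountA", "Effect": "Allow",
        "Principal": {"AWS": caller_role_arn},
        "Action": "lambda:InvokeFunction", "Resource": fn_arn}]}

def identity_policy(fn_arn):
    """Attached to Lambda A's execution role in Account A."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "lambda:InvokeFunction", "Resource": fn_arn}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows(policy, action, resource, principal=None):
    """Simplified check: exact match or "*" only."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        if not {action, "*"} & set(_as_list(st["Action"])):
            continue
        if not {resource, "*"} & set(_as_list(st["Resource"])):
            continue
        if principal is not None:
            # A policy may name the role itself or the whole account (":root").
            account_root = ":".join(principal.split(":")[:5]) + ":root"
            p = st.get("Principal", {})
            named = _as_list(p.get("AWS", [])) if isinstance(p, dict) else [p]
            if not {principal, account_root, "*"} & set(named):
                continue
        return True
    return False

def cross_account_invoke_allowed(identity, resource, caller_role_arn, fn_arn):
    """Both sides must allow: the caller's role policy and the function's policy."""
    action = "lambda:InvokeFunction"
    return (_allows(identity, action, fn_arn)
            and _allows(resource, action, fn_arn, principal=caller_role_arn))

def invoke_kwargs(fn_arn, record):
    """Arguments for boto3.client("lambda").invoke(); use the full ARN cross-account."""
    return {"FunctionName": fn_arn, "InvocationType": "RequestResponse",
            "Payload": json.dumps(record).encode()}
```

Naming the specific execution role as the principal, rather than the whole of Account A, keeps the grant limited to the one function that needs it.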
Here is an example of cross-account permissions with a Lambda function: https://yogeshnile.cloud/configure-a-lambda-function-to-assume-an-iam-role-in-another-aws-account-e005e7533a71
Trigger Lambda in Account B from Lambda in Account A -> Lambda.invoke()
Btw, you don’t need the lambda function in account B – you can add permissions to your DynamoDB table to the assumed role, so your lambda from account A will be able to write data directly into DynamoDB on account B.