Check your IAM permissions

62 views
Skip to first unread message

Eric Hammond

unread,
Jul 9, 2015, 9:18:23 PM7/9/15
to unreliable...@googlegroups.com
If you subscribe an AWS Lambda function or SQS queue to the Unreliable Town Clock SNS Topic, and you don't see the chime messages coming in, double check your IAM permissions to make sure that the SNS Topic has the ability to invoke your function or post to your queue.


Somebody subscribed an SQS queue without the right permissions and delivery attempts have been failing every 15 minutes for a bit over 24 hours.

I don't think the failed attempts hurt anything, so I'll leave the subscription alive for now.

-- 
Eric Hammond

Sitapati Das

unread,
Aug 15, 2015, 10:17:17 PM8/15/15
to Unreliable Town Clock
I'm not seeing any chimes at my lambda function. 

I followed the instructions and seem to be subscribed and have the right permissions granted...

$ aws lambda get-policy --function-name atma_town_clock

{

    "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Condition\":{\"ArnLike\":{\"AWS:SourceArn\":\"arn:aws:sns:us-east-1:522480313337:unreliable-town-clock-topic-178F1OQACHTYF\"}},\"Action\":\"lambda:InvokeFunction\",\"Resource\":\"arn:aws:lambda:us-east-1:890143344339:function:atma_town_clock\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"sns.amazonaws.com\"},\"Sid\":\"BF4F4DC8-5B7C-410D-B5D5-E45C37571BF9\"}],\"Id\":\"default\"}"

}



     {

            "Owner": "890143344339", 

            "Endpoint": "arn:aws:lambda:us-east-1:890143344339:function:atma_town_clock", 

            "Protocol": "lambda", 

            "TopicArn": "arn:aws:sns:us-east-1:522480313337:unreliable-town-clock-topic-178F1OQACHTYF", 

            "SubscriptionArn": "arn:aws:sns:us-east-1:522480313337:unreliable-town-clock-topic-178F1OQACHTYF:9e0d1079-b58f-4856-ab57-3577fd0f14cb"

        }, 

Reply all
Reply to author
Forward
0 new messages