问题
My company manages AWS using a multi-account system. I have a lambda function in account A and a DynamoDB table with a Stream enabled in account B. I want the stream events to trigger my function.
When I run:
aws lambda create-event-source-mapping --event-source-arn arn:aws:dynamodb:us-east-1:101010101:table/table/stream/2016-08-09T23:00:46.852 --function-name Lambda-qa --enabled --batch-size 10 --starting-position TRIM_HORIZON
I get the following error: An error occurred (InvalidParameterValueException) when calling the CreateEventSourceMapping operation: Role and event source must be in the same account as the cloud function
Looks like the Lambda function and DynamoDB stream have to be in the same account. But can read the the DynamoDB stream in accountA from accountB through some other means? A redirection, SNS, SQS, S3 or a custom app.
回答1:
Unfortunately, no.
From AWS docs:
"Important
You must create a DynamoDB table in the same region where you created the Lambda function. This tutorial assumes the US East (N. Virginia) region. In addition, both the table and the Lambda functions must belong to the same AWS account."
(emphasis added)
Reference: http://docs.aws.amazon.com/lambda/latest/dg/with-ddb-configure-ddb.html
来源:https://stackoverflow.com/questions/38863491/it-is-possible-to-access-aws-dynamodb-streams-accross-accounts