Amazon S3 triggering another a Lambda function in another account

Question

I want to run a lambda in Account B when any object comes into Account A S3 bucket.

But I heard that we can access Lambda from the same account S3 only, for cross-ac

Answer 1

I managed to successfully trigger an AWS Lambda function in Account B from an upload to an Amazon S3 bucket in Account A.

Account-A.S3-bucket -> Account-B.Lambda-function

Here's what I did:

• Created the Amazon S3 bucket in Account A
• Created the Lambda function in Account B
• Added a Resource-Based Policy for AWS Lambda to the Lambda function via the AWS Command-Line Interface (CLI) that allowed the S3 bucket to call lambda:InvokeFunction on the Lambda function
• Added a Bucket Policy to the S3 bucket to permit GetObject access from anywhere (this should be locked-down further, but was sufficient for the experiment)
• Configured an Event for ObjectCreate (All) on the S3 bucket, referencing the Lambda function via its ARN
• Uploaded a file to the Account-A.S3-bucket
• The Account-B.Lambda-function was successfully triggered

I then repeated the experiment with the bucket in a different region and it failed, saying:

The notification destination service region is not valid for the bucket location constraint