AWS Lambda - how to add S3 trigger using command line

Posted by Michał Sakowicz on 07 April, 2018

Adding a new trigger to a Lambda function through the AWS CLI is a two-step operation. First we need to grant S3 permission to invoke our Lambda function, and then configure the S3 notification itself.

To add the permission, we can use the following:

aws lambda add-permission `
--function-name aws-lambda-function-name `
--action lambda:InvokeFunction `
--principal s3.amazonaws.com `
--source-arn arn-of-s3-bucket `
--statement-id 1

The --statement-id (SID) is, in this case, just a unique identifier of the policy and can be anything. Additionally, the following commands allow us to list and remove policies attached to our function:

aws lambda get-policy --function-name aws-lambda-function-name

aws lambda remove-permission --function-name aws-lambda-function-name --statement-id 1

If there is no policy attached, we get a ResourceNotFoundException.

To configure the S3 notification, we use the following command:
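The output of get-policy can also be checked automatically to confirm that the S3 permission really is limited to the intended bucket. The following is an added example, not code from the original post: the function name, the sample policy and the account ID are constructed, and the SourceAccount check assumes the permission was also added with the AWS CLI's --source-account option, which the post does not use.

```python
import json

S3_PRINCIPAL = "s3.amazonaws.com"

def audit_s3_invoke_statements(get_policy_output, expected_bucket_arn):
    """Return (sid, problem) findings for S3 statements in `aws lambda get-policy` output."""
    # get-policy returns the resource policy as a JSON *string* under "Policy".
    policy = json.loads(json.loads(get_policy_output)["Policy"])
    findings = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal", {})
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        if isinstance(services, str):
            services = [services]
        if stmt.get("Effect") != "Allow" or S3_PRINCIPAL not in services:
            continue
        # Condition keys are case-insensitive; merge every operator block into one dict.
        conds = {}
        for block in stmt.get("Condition", {}).values():
            conds.update({key.lower(): value for key, value in block.items()})
        sid = stmt.get("Sid", "<no sid>")
        source_arn = conds.get("aws:sourcearn")
        if source_arn is None:
            findings.append((sid, "no SourceArn condition: not limited to one bucket"))
        elif source_arn != expected_bucket_arn:
            findings.append((sid, f"SourceArn {source_arn} is not {expected_bucket_arn}"))
        if "aws:sourceaccount" not in conds:
            # Set by --source-account; pins the bucket owner as well as the bucket name.
            findings.append((sid, "no SourceAccount condition"))
    return findings

# Constructed sample input, shaped like get-policy output (not captured from a real account).
BUCKET_ARN = "arn:aws:s3:::example-bucket"
_scoped = {"Sid": "1", "Effect": "Allow", "Principal": {"Service": S3_PRINCIPAL},
           "Action": "lambda:InvokeFunction",
           "Resource": "arn:aws:lambda:eu-west-1:111122223333:function:example",
           "Condition": {"ArnLike": {"AWS:SourceArn": BUCKET_ARN},
                         "StringEquals": {"AWS:SourceAccount": "111122223333"}}}
_unscoped = {"Sid": "2", "Effect": "Allow", "Principal": {"Service": S3_PRINCIPAL},
             "Action": "lambda:InvokeFunction",
             "Resource": "arn:aws:lambda:eu-west-1:111122223333:function:example"}
SAMPLE = json.dumps({"Policy": json.dumps({"Version": "2012-10-17", "Id": "default",
                                           "Statement": [_scoped, _unscoped]}),
                     "RevisionId": "constructed"})

if __name__ == "__main__":
    for sid, problem in audit_s3_invoke_statements(SAMPLE, BUCKET_ARN):
        print(f"statement {sid}: {problem}")
```

On a real function, pass the text printed by aws lambda get-policy as the first argument and the bucket ARN given to --source-arn as the second.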

aws s3api put-bucket-notification-configuration `
--bucket aws-s3-bucket-name `
--notification-configuration file://notification.json

notification.json describes what the trigger should look like, for example:

{
  "LambdaFunctionConfigurations": [
    {
      "Id": "my-lambda-function-s3-event-configuration",
      "LambdaFunctionArn": "arn-of-aws-lambda-function",
      "Events": [ "s3:ObjectCreated:Put" ],
      "Filter": {
        "Key": {
          "FilterRules": [
            { "Name": "suffix", "Value": ".zip" }
          ]
        }
      }
    }
  ]
}

If something is not working as it should, you can add the --debug flag to get verbose output from each of the commands.