Function s3 trigger with existing: true generates another lambda called custom-resources

Hello,
As the title says, I’ve a function with a trigger on S3 using the new definition:

functions:
  lambda:
    handler: src/handler.handler
    events:
      - s3:
          bucket: bucketName
          event: s3:ObjectCreated:*
          rules:
            - prefix: xml-texts/
            - suffix: .xml
          existing: true

The bucket already exists and I’m using the existing: true to avoid the error as described in

I’ll put my CloudFormation JSON too: https://pastebin.com/8v6GhunX

Is this a feature? A bug? Does anyone know why this happens?

Thanks!


The docs you link to specify: “Using the existing config will add an additional Lambda function and IAM Role to your stack. The Lambda function backs-up the Custom S3 Resource which is used to support existing S3 buckets.” :)


I’m blind I guess. Thanks for the reply!

I still think this is weird: I can connect an existing S3 bucket from the GUI, so it is weird that I can’t just connect it.

This is all because of limitations put in place by AWS on CloudFormation, which is what we use to deploy your resources into AWS as well as maintain state. Unfortunately, the ability to connect to existing S3 buckets doesn’t exist in CloudFormation (strange, I know), so the only way left for us to add that feature is to support it via a feature provided by AWS known as Custom CloudFormation Resources.

We know this isn’t perfect, but those are some of the limits we work under :)


Thank you for the clarification

I was sure that the “problem” is in AWS

Does this mean one needs to pay for the compute of both Lambdas on S3 triggers?

  1. Actual Lambda that we want to be invoked
  2. Additional Lambda with custom resources

Thanks
Amar.

I think yes.
In the end I put the trigger manually to avoid this

Thanks for the quick response.

Ideally we won’t need to drop the CloudFormation stack. If at all one needs to delete the stack, it will FAIL since the Lambda can’t be deleted unless the S3 event notification added manually isn’t removed.

Is there a workaround for this?

Is there a way to set a trigger like this directly in CloudFormation so we don’t have the additional Lambda costs? Or even a way to define what this IAM role name is?

We need to change the automatically created Lambda function name, IAM role and, most importantly, the VPC configuration. Is there a way or a workaround to do that?

Thanks

As I understand this, the extra function <stack-name>-custom-resource-existing-s3 is used only for creating and managing Event Notifications on the S3 bucket and not later on for the events themselves. If you look at it in the AWS Console, you’ll see it doesn’t list any triggers, so it shouldn’t get called. Serverless should probably remove it together with the extra Role on deployment finish.
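
For anyone who wants to see what the extra Lambda and IAM role mentioned in this thread are allowed to do before deploying, here is an added example (not from the thread and not Serverless Framework code) that walks a generated CloudFormation template from each custom resource to its backing function, that function's role, and the role's allowed actions. The sample template, its logical IDs, the `Custom::S3` type name and the listed actions are constructed assumptions.

```python
# Constructed sample template; logical IDs, the Custom::S3 type name and the
# policy actions are illustrative assumptions, not taken from the pastebin.
SAMPLE = {"Resources": {
    "HandlerFunction": {"Type": "AWS::Lambda::Function",
                        "Properties": {"Role": {"Fn::GetAtt": ["HandlerRole", "Arn"]}}},
    "HelperFunction": {"Type": "AWS::Lambda::Function",
                       "Properties": {"Role": {"Fn::GetAtt": ["HelperRole", "Arn"]}}},
    "HelperRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
        {"PolicyName": "helper", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Resource": "*",
             "Action": ["s3:PutBucketNotification", "s3:GetBucketNotification"]},
            {"Effect": "Allow", "Resource": "*", "Action": "lambda:AddPermission"}]}}]}},
    "ExistingBucketNotification": {"Type": "Custom::S3", "Properties": {
        "ServiceToken": {"Fn::GetAtt": ["HelperFunction", "Arn"]}}},
}}

def _ref(value):
    """Return the logical ID behind Fn::GetAtt / Ref, or None for literals."""
    if isinstance(value, dict):
        if "Fn::GetAtt" in value:
            target = value["Fn::GetAtt"]
            return target[0] if isinstance(target, list) else target.split(".")[0]
        if "Ref" in value:
            return value["Ref"]
    return None

def audit_custom_resources(template):
    """Map each custom resource to its backing Lambda, role and allowed actions."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        rtype = res.get("Type", "")
        if not (rtype.startswith("Custom::") or rtype == "AWS::CloudFormation::CustomResource"):
            continue
        fn_id = _ref(res.get("Properties", {}).get("ServiceToken"))
        fn = resources.get(fn_id, {})
        role_id = _ref(fn.get("Properties", {}).get("Role"))
        role = resources.get(role_id, {})
        actions = set()
        for policy in role.get("Properties", {}).get("Policies", []):
            stmts = policy.get("PolicyDocument", {}).get("Statement", [])
            for stmt in [stmts] if isinstance(stmts, dict) else stmts:
                if stmt.get("Effect") != "Allow":
                    continue
                act = stmt.get("Action", [])
                actions.update([act] if isinstance(act, str) else act)
        findings.append({"resource": name, "function": fn_id, "role": role_id,
                         "actions": sorted(actions)})
    return findings
```

To check a real stack, load the generated template JSON with `json.load` and pass it in place of `SAMPLE`; only inline role policies are inspected, not managed policy ARNs.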