
AWS CloudFormation: How to specify a bucket from another AWS account for Lambda code?

When writing the AWS CloudFormation template to create a Lambda function, the 'Code' field is required. I found the documentation here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html

The document says you can specify the source of your Lambda function as a zip file in an S3 bucket. And in the S3Bucket field, it says "You can specify a bucket from another AWS account as long as the Lambda function and the bucket are in the same region."

If you put a bucket name in the S3Bucket field, it will try to find the bucket in the same AWS account. So my question is how can I specify a bucket from another AWS account?

A code snippet in YAML I created for the CFT:

  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs6.10
      Role: !GetAtt LambdaRole.Arn
      FunctionName: 'MyLambda'
      MemorySize: 1024
      Timeout: 30
      Code: 
        S3Bucket: 'my-bucket'
        S3Key: 'my-key'

An S3 bucket is an S3 bucket. It doesn't matter which AWS account it is in. If you have permission to access the bucket then you can access it.

Simply provide the name of the S3 bucket (it must be in the same region in this specific case) and make sure the credentials you are using are allowed access to the S3 bucket.
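
The permission this answer relies on, as an added example that is not part of the original answer: a CloudFormation template for the account that owns the bucket, granting the deploying account read access to the code object. `my-bucket` and `my-key` are the values from the question; the account ID `111122223333` is a placeholder.

```yaml
# Added example: deploy this stack in the account that OWNS the code bucket.
AWSTemplateFormatVersion: '2010-09-09'
Description: Allow another account to read Lambda deployment packages from this bucket

Parameters:
  CodeBucketName:
    Type: String
    Default: my-bucket            # bucket name used in the question
  CodeKeyPattern:
    Type: String
    Default: my-key               # exact key from the question, or a pattern such as lambda/*
  DeployerAccountId:
    Type: String
    AllowedPattern: '^\d{12}$'
    Default: '111122223333'       # placeholder: account that creates the Lambda function

Resources:
  CodeBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref CodeBucketName
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AllowDeployerAccountToReadLambdaCode
            Effect: Allow
            Principal:
              # Names one account, not "*"; that account's IAM policies
              # decide which of its users and roles may actually read.
              AWS: !Sub 'arn:aws:iam::${DeployerAccountId}:root'
            Action: s3:GetObject  # read-only; no list, put or delete
            Resource: !Sub 'arn:aws:s3:::${CodeBucketName}/${CodeKeyPattern}'
```

The identity that creates the stack in the deploying account also needs an IAM policy allowing `s3:GetObject` on the same ARN, because the `:root` principal only delegates the decision to that account's IAM. `AWS::S3::BucketPolicy` replaces any policy already on the bucket, so merge this statement into an existing policy rather than deploying it next to one.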

If you are deploying your CloudFormation stack in multiple AWS regions, you can quickly create identical S3 buckets in each of these regions using a tool like cfs3-uploader.
