I'm trying to trace how an old Lambda function from a few years ago is being invoked. It creates a file and uploads it to an S3 bucket, but there are no configured triggers. It's being called several times an hour, and understanding who or what is invoking it would help me decide whether it's still necessary or can be safely deleted. I suspect there might be another Lambda function calling it, possibly triggered by a cron job or similar, but I can't find any evidence of that. Is there a way to backtrack and see how this Lambda function is getting invoked, such as by another piece of code or a CloudFront association?
5 Answers
You could also check if it's being triggered by EventBridge for periodic or scheduled invocations. That might explain some of the regular calls.
Using CloudTrail could definitely be the way to go. It might provide the insights you're looking for regarding invocation history.
You might be looking at a direct invoke via the API call. Enabling Lambda data events in your CloudTrail trail can help—these are usually off by default due to their volume, but turning them on will let you see the invoke API call along with the calling principal.
Check CloudWatch logs and metrics; each invocation leaves a trace there, though it won't show you the trigger. Look at what principals have permission to invoke the Lambda; if done correctly, that could help identify possible callers.
When the Lambda is invoked, it receives an event. You could print that event, which might give you insights into what's calling it. For example, in Python, you can do something like:
def lambda_handler(event, context):
print(event)
But if it were triggered by EventBridge, wouldn’t that show up in the configuration/triggers section of the console?