amazon web services - SNS topic not triggering Lambda


I am attempting to set up an email-sending Lambda function that is triggered by an SNS topic in CloudFormation, but for some reason it is not working. I went in and checked all of the dependencies/permissions after the Lambda and SNS went up, and everything seems to be in order, but when I publish to the topic nothing happens. When I manually test the Lambda in the Lambda console, it works perfectly.

CloudFormation

    "Resources": {
      "cloudformationeventhandlerlambdaexecutionrole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
          "Path": "/",
          "Policies": [
            {
              "PolicyName": "cloudformationtrigger",
              "PolicyDocument": {
                "Statement": [
                  {
                    "Effect": "Allow",
                    "Action": [
                      "ses:*"
                    ],
                    "Resource": [
                      "arn:aws:ses:*"
                    ]
                  }
                ]
              }
            }
          ],
          "AssumeRolePolicyDocument": {
            "Statement": [
              {
                "Action": [
                  "sts:AssumeRole"
                ],
                "Effect": "Allow",
                "Principal": {
                  "Service": [
                    "lambda.amazonaws.com"
                  ]
                }
              }
            ]
          }
        }
      },
      "cloudformationeventhandlerlambdafunction": {
        "Type": "AWS::Lambda::Function",
        "Properties": {
          "Handler": "lambda_function.lambda_handler",
          "Role": {
            "Fn::GetAtt": [
              "cloudformationeventhandlerlambdaexecutionrole",
              "Arn"
            ]
          },
          "Code": {
            "S3Bucket": {
              "Ref": "bucket"
            },
            "S3Key": "cloudformationeventhandler.zip"
          },
          "Runtime": "python2.7",
          "Timeout": "30"
        },
        "DependsOn": [
          "cloudformationeventhandlerlambdaexecutionrole"
        ]
      },
      "cloudformationeventhandlerlambdainvokepermission": {
        "Type": "AWS::Lambda::Permission",
        "Properties": {
          "Action": "lambda:InvokeFunction",
          "SourceAccount": {
            "Ref": "AWS::AccountId"
          },
          "Principal": "sns.amazonaws.com",
          "SourceArn": {
            "Ref": "cloudformationtopic"
          },
          "FunctionName": {
            "Fn::GetAtt": [
              "cloudformationeventhandlerlambdafunction",
              "Arn"
            ]
          }
        }
      },
      "cloudformationtopic": {
        "Type": "AWS::SNS::Topic",
        "Properties": {
          "DisplayName": "cloudformationingesttopic",
          "Subscription": [
            {
              "Endpoint": {
                "Fn::GetAtt": [
                  "cloudformationeventhandlerlambdafunction",
                  "Arn"
                ]
              },
              "Protocol": "lambda"
            }
          ]
        },
        "DependsOn": [ "cloudformationeventhandlerlambdafunction" ]
      }
    }

Python SES Lambda

    import boto3

    # SES client, created once and reused across invocations
    client = boto3.client('ses')

    def lambda_handler(event, context):
        # Put the incoming event and context into the e-mail body
        message = """
            event:
            {}

            context:
            {}
        """.format(event, context)

        # Send the e-mail through SES
        response = client.send_email(
            Source='***censored***',
            Destination={'ToAddresses': ['***censored***']},
            Message={
                'Subject': {'Data': 'cfmtest'},
                'Body': {'Text': {'Data': message}}
            }
        )

The SourceAccount property of the AWS::Lambda::Permission resource type is meant to be used with CloudWatch Logs, CloudWatch Rules, S3, and SES.
After removing this field from the cloudformationeventhandlerlambdainvokepermission resource on the template, I was able to invoke the Lambda function by publishing to the SNS topic.

Refer to this documentation for more information regarding Lambda permissions.
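
A template check for the problem described in the answer above, as an added example that is not part of the original post: it flags `AWS::Lambda::Permission` resources for `sns.amazonaws.com` that set `SourceAccount`, and also those with no `SourceArn`, since the permission should stay scoped to the one topic once `SourceAccount` is removed. The sample template is constructed from the question's permission resource; `unscopedpermission` and `hypothetical-function` are made-up names.

```python
import json

# Constructed sample: the permission resource from the question, plus a
# hypothetical second permission that has no SourceArn at all.
TEMPLATE = json.loads("""
{
  "Resources": {
    "cloudformationeventhandlerlambdainvokepermission": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "SourceAccount": {"Ref": "AWS::AccountId"},
        "Principal": "sns.amazonaws.com",
        "SourceArn": {"Ref": "cloudformationtopic"},
        "FunctionName": {"Fn::GetAtt": ["cloudformationeventhandlerlambdafunction", "Arn"]}
      }
    },
    "unscopedpermission": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "Principal": "sns.amazonaws.com",
        "FunctionName": "hypothetical-function"
      }
    }
  }
}
""")

def check_sns_permissions(template):
    """Return (logical_id, finding) pairs for SNS-invoked Lambda permissions."""
    findings = []
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") != "AWS::Lambda::Permission":
            continue
        props = res.get("Properties", {})
        if props.get("Principal") != "sns.amazonaws.com":
            continue  # only SNS-triggered permissions are in scope here
        if "SourceAccount" in props:
            findings.append((logical_id, "SourceAccount set: SNS invocation fails (see answer)"))
        if "SourceArn" not in props:
            findings.append((logical_id, "no SourceArn: permission is not limited to one topic"))
    return findings

if __name__ == "__main__":
    for logical_id, finding in check_sns_permissions(TEMPLATE):
        print(f"{logical_id}: {finding}")
```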

