I have an AWS Lambda function in Node.js that uses the SDK method listVersionsByFunction.

It's created from this AWS SAM template:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Globals:
  Function:
    Timeout: 3

Resources:
  special:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: 'my-project-special'
      CodeUri: ./handlers
      Handler: special.handler
      Runtime: nodejs10.x
  getLatest:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./handlers
      Handler: getLatest.handler
      Runtime: nodejs10.x
      Events:
        getLatest:
          Type: Api
          Properties:
            Path: /latest/
            Method: get
```

and the handler calls the SDK like this:

```js
const result = await lambda.listVersionsByFunction({
  FunctionName: 'my-project-special',
}).promise();
```

After deploying and making a request, there's an AccessDeniedException error:

User: arn:aws:sts::999999999:assumed-role/my-project-getLatest-ADFADSFASD/my-project-getLatest-HJLKHLKJKJ is not authorized to perform: lambda:ListVersionsByFunction on resource: arn:aws:lambda:us-east-2:999999999:function:my-project-special

How can I allow this access by means of the AWS SAM template?

1 Answer

The error is indicating that your Lambda does not have permission to perform the ListVersionsByFunction operation on other resources (another Lambda).

What you have to do is to create a custom policy and add it to your template.

```yaml
getLatest:
  Type: AWS::Serverless::Function
  Properties:
    CodeUri: ./handlers
    Handler: getLatest.handler
    Runtime: nodejs10.x
    Policies:
      - Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - lambda:ListVersionsByFunction
            Resource: '*'
    Events:
      getLatest:
        Type: Api
        Properties:
          Path: /latest/
          Method: get
```

See reference

Or you can also add this policy as an inline policy in the IAM Management Console: under Roles, select your function getLatest and add the policy. See snapshot.

Hope it helps

1 Comment

Perfect answer for this question!
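
A least-privilege variant of the policy in the answer above, added here as an example that is not part of the original question or answer. It assumes both functions stay in the same template, so `!GetAtt special.Arn` resolves to the function ARN named in the AccessDeniedException instead of `Resource: '*'`.

```yaml
# Added example (not from the original thread): the same Allow statement,
# scoped to the one function the handler queries.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Globals:
  Function:
    Timeout: 3

Resources:
  special:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: 'my-project-special'
      CodeUri: ./handlers
      Handler: special.handler
      Runtime: nodejs10.x
  getLatest:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./handlers
      Handler: getLatest.handler
      Runtime: nodejs10.x
      Policies:
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - lambda:ListVersionsByFunction
              # Broad form: Resource: '*' lets this role list versions of
              # every function in the account.
              # Scoped form: only the ARN of the 'special' function, which
              # is the resource the error message reports.
              Resource: !GetAtt special.Arn
      Events:
        getLatest:
          Type: Api
          Properties:
            Path: /latest/
            Method: get
```

With this statement the execution role of `getLatest` can list versions of `my-project-special` only; a call naming any other function still returns AccessDeniedException.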
