aws-samples/personalization-apis

UpdateEdgeFunctionCustom deployment fails with AccessDeniedException

Closed this issue · 1 comments

The edge stack template-edge.yaml fails to deploy. During execution of the custom resource, UpdateEdgeFunctionCustom, the lambda has the following error. I think the lambda execution policy needs to be updated to add the templated target lambda function ARN.

[ERROR]	2023-02-09T16:55:35.098Z	1e3165a7-5fc6-4985-8072-64c17f584260	An error occurred (AccessDeniedException) when calling the GetFunction operation: User: arn:aws:sts::XXXXXXXXXX:assumed-role/perosonalization-apis-edge-UpdateEdgeFunctionRole-1BF921P6E9DBB/perosonalization-apis-edge-UpdateEdgeFunction-5ifMHIDfhMyB is not authorized to perform: lambda:GetFunction on resource: arn:aws:lambda:us-east-1:XXXXXXXXXX:function:perosonalization-apis-edge-EdgeAuthFunction-yKRq0NyeoOS6:Templated because no identity-based policy allows the lambda:GetFunction action
Traceback (most recent call last):
  File "/var/task/crhelper/resource_helper.py", line 204, in _wrap_function
    self.PhysicalResourceId = func(self._event, self._context) if func else ''
  File "/var/task/main.py", line 84, in create_or_update_resource
    update_function(event)
  File "/var/task/main.py", line 40, in update_function
    response = lambda_client.get_function(
  File "/var/runtime/botocore/client.py", line 391, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/runtime/botocore/client.py", line 719, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GetFunction operation: User: arn:aws:sts::XXXXXXXXXX:assumed-role/perosonalization-apis-edge-UpdateEdgeFunctionRole-1BF921P6E9DBB/perosonalization-apis-edge-UpdateEdgeFunction-5ifMHIDfhMyB is not authorized to perform: lambda:GetFunction on resource: arn:aws:lambda:us-east-1:XXXXXXXXXX:function:perosonalization-apis-edge-EdgeAuthFunction-yKRq0NyeoOS6:Templated because no identity-based policy allows the lambda:GetFunction action
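
An added example, not code from the repository or the issue author: a simplified identity-policy check showing which `Resource` entries cover the alias-qualified ARN named in the error above. Both policies are constructed for illustration; the role policy actually defined in template-edge.yaml is not shown on this page, and the evaluator ignores conditions, `NotAction`/`NotResource`, and non-identity policies.

```python
import re

# Resource ARN copied from the error message above (account ID is masked on the page).
DENIED_ARN = ("arn:aws:lambda:us-east-1:XXXXXXXXXX:function:"
              "perosonalization-apis-edge-EdgeAuthFunction-yKRq0NyeoOS6:Templated")

def _iam_match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def allows(policy, action, resource):
    """True if an Allow statement covers action and resource and no Deny does.
    Simplified model: identity-based policy only, no Condition handling."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # Action names are case-insensitive; resource ARNs are compared as-is.
        hit = (any(_iam_match(a, action, ignore_case=True) for a in _as_list(stmt["Action"]))
               and any(_iam_match(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False  # an explicit Deny always wins
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed

def policy_for(resources):
    # Constructed policy document, not taken from template-edge.yaml.
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["lambda:GetFunction"], "Resource": resources}]}

# The same function ARN without the ":Templated" alias qualifier.
UNQUALIFIED = DENIED_ARN.rsplit(":", 1)[0]
BARE_ONLY = policy_for([UNQUALIFIED])
WITH_ALIAS = policy_for([UNQUALIFIED, UNQUALIFIED + ":Templated"])

if __name__ == "__main__":
    for name, pol in (("bare ARN only", BARE_ONLY), ("bare + :Templated", WITH_ALIAS)):
        print(f"{name:20} -> allowed={allows(pol, 'lambda:GetFunction', DENIED_ARN)}")
```

Listing the exact alias-qualified ARN keeps the grant narrower than a trailing `:*`, which would also cover every other version and alias of the function.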

Fixed and merged. Deployment successful.