2回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
Does the IAM role used to deploy your cloudformation stack have the correct IAM Permissions to deploy/Create Lambda?
0
回答済み 1年前
So it’s showing red in the gui with the user you are using. Does your iam user/role have lambda:* access and are there any scp’s or permission boundaries?
My policies are: myPolicies: Type: "AWS::IAM::Policy" Properties: PolicyName: "root" PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - "dynamodb:DeleteItem" - "dynamodb:GetItem" - "dynamodb:PutItem" - "dynamodb:Query" - "dynamodb:Scan" - "dynamodb:UpdateItem" Resource: "arn:aws:dynamodb:::table/practica_3" - Effect: "Allow" Action: - "cognito-idp:SignUp" - "cognito-idp:ConfirmSignUp" - "cognito-idp:ResendConfirmationCode" - "cognito-idp:ForgotPassword" - "cognito-idp:ConfirmForgotPassword" - "cognito-idp:InitiateAuth" - "cognito-idp:AdminGetUser" - "cognito-idp:AdminAddUserToGroup" Resource: "" - Effect: "Allow" Action: - "logs:" Resource: "" - Effect: "Allow" Action: - "s3:" - "s3-object-lambda:" Resource: "" Roles: - Ref: "myRole"
I dont see any permissions to allow any actions to be performed to lambda..
I'd be looking for something like
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "lambda:CreateFunction", "Resource": "*" } ] }
Or lambda:* if you wanted all access to lambda
I already added this policy but even so it keeps giving me the same error and the Lambda service appears as shown in the image, in the following comment.