How do I troubleshoot "permission denied" or "unable to import module" errors when uploading a Lambda deployment package?

4 minute read

When I try to upload my AWS Lambda deployment package, I get either a permission denied or unable to import module error. How do I resolve these errors?

Short description

Lambda requires global read permissions on code files and any dependent libraries in your deployment package. If your Lambda deployment package isn't configured with the correct security permissions, then Lambda returns an error when you try to upload the file. These permission denied and unable to import module errors most commonly occur when deployment packages are created by continuous integration applications.

The correct permissions for all executable files within a Lambda deployment package is 644 in Unix permissions numeric notation. For folders within a deployment package, the correct permissions setting is 755.

Note: Because Lambda uses POSIX permissions, it's a best practice to use a POSIX-compliant operating system when building Lambda deployment packages. For example: Linux, Unix, or macOS. Parity between the permissions model in your build environment and Lambda's runtime environment reduces the chance of permissions issues.

If you use Windows for development and need to fix a permissions issue, you can set up a Linux environment by doing either of the following:

Install a Linux distribution on your PC (Windows 10 only). For more information, see Windows subsystem for Linux installation guide for Windows 10 on the Microsoft Docs website.
Launch an Amazon Elastic Compute Cloud (Amazon EC2) instance using Lambda's Amazon Machine Image (AMI).

Resolution

Confirm which file or folder is the cause of the error

Depending on the programing language used to write your Lambda function code, the cause of the error might not be clear in the error message.

For example, a Node.js function error message lists the name of the file or folder that's the source of the error. However, a Python function error message doesn't list the name of the file or folder that's the source of the error.

Node.js Lambda function permission denied error example

{
  "errorMessage": "EACCES: permission denied, open '/var/task/index.js'",
  "errorType": "Error",
  "stackTrace": [
    "Object.fs.openSync (fs.js:641:18)",
    "Object.fs.readFileSync (fs.js:509:33)",
    "Object.Module._extensions..js (module.js:578:20)",
    "Module.load (module.js:487:32)",
    "tryModuleLoad (module.js:446:12)",
    "Function.Module._load (module.js:438:3)",
    "Module.require (module.js:497:17)",
    "require (internal/module.js:20:19)"
  ]
}

Python Lambda function unable to import module error example

Unable to import module 'index': No module named index

Python Lambda function unable to import module error for external libraries that are missing required permissions example

Unable to import module 'index': No module named requests

To check the permissions for all the files and folders within the deployment package .zip file, run the following zipinfo command in your command line interface (CLI):
Important: Replace lambda-package.zip with your deployment package .zip file name.

zipinfo lambda-package.zip

Zipinfo command response example

Archive:  lambda-package.zip
Zip file size: 305 bytes, number of entries: 1
-r--------  3.0 unx      188 tx defN 21-Feb-13 20:48 example.py
1 file, 188 bytes uncompressed, 135 bytes compressed:  28.2%

Note: In this example, the permissions of example.py is -r--------, or 400 in Unix permissions numeric notation, so the permissions for the file need to be updated to 644.

Update the permissions for your deployment package

Note: The following commands work for Linux, Unix, and macOS operating systems only.

1. To unpack the files and folders inside your deployment package to a temporary folder, run the following command in your CLI:
Important: Replace lambda-package.zip with the file name of your deployment package. Replace temp-folder with whatever name you'd like to give the new temporary folder.

mkdir temp-folder; unzip lambda-package.zip -d temp-folder ;cd temp-folder;ls -l

2. Update the permissions of the library's files.

Note: To make all files and folders in the current directory readable by any user, run the following chmod command:

$ chmod 644 $(find /tmp/package_contents -type f)
$ chmod 755 $(find /tmp/package_contents -type d)

3. After fixing the permissions, repackage the files and folder into a new .zip file by running the following command:

zip -r new-lambda-package.zip *

4. Upload the new deployment package.

Related information

Getting started with Lambda

Topics

Serverless Compute

Relevant content

Receive error in Lambda: Unable to import module 'functions': No module named 'functions' Traceback
Mjr
asked 3 months ago
Error when trying to import package installed using lambda layer on nodejs14 ES module enabled lambda function
AWS-User-5823323
asked a year ago
"Unable to import module 'lambda_function': No module named 'charset_normalizer'"
Accepted Answer
robbe
asked 4 months ago
Permission denied trying to import from another component
jcai
asked 2 years ago
API Gateway with Lambda - "Unable to import module 'server': No module named 'server'"
Accepted Answer
Sri
asked a year ago
How do I build a Lambda deployment package for Node.js?
AWS OFFICIALUpdated 8 months ago
How do I resolve the "Unable to import module" error that I receive when I run Lambda code in Python?
AWS OFFICIALUpdated 3 months ago
How can I troubleshoot the "Runtime.InvalidEntrypoint" error for my Lambda function that's from a Docker image?
AWS OFFICIALUpdated 3 months ago
How do I resolve the "Cannot find module" or "Cannot find Package" errors when I run Lambda code in Node.js?
AWS OFFICIALUpdated a month ago
Troubleshoot 403 Access Denied error in Amazon S3
EXPERT
Gayathri Krishnamoorthy
published 4 months ago