The KMSAccessDeniedException error usually occurs when a Lambda function's IAM role is deleted and then is recreated with the same name. If this is what happened, configure a new IAM role for the function. Then, deploy the function again and reconfigure the previous IAM role.
The AWS KMS key specified in your request must be in the same AWS Region and account as your Lambda function. If the Region is different, then use another AWS KMS key (or create a new AWS KMS key) in the same Region.
Lambda reclaims network interfaces that aren't in use. This action can place a function in an inactive state. When a function that is inactive is invoked, the function enters a pending state while VPC network access is restored. The first invocation and all others that occur while the function is in a pending state fail and then produce a ResourceNotReadyException error.
To resolve the error, wait until the VPC connection is restored. Then, invoke the Lambda function again.
Sometimes the Lambda service itself encounters an internal error. If you get a 500 error, check the AWS Service Health Dashboard to determine if Lambda is unavailable. For more information, see Is AWS down?
If Lambda is available, retry the request to invoke your Lambda function.
A subnet's size is defined by its CIDR block. Be sure that the CIDR blocks that you specify in your Amazon VPC have enough free IP addresses for your Amazon VPC-activated Lambda function's requirements. For more information, see VPC and subnet sizing.
You have exceeded the maximum limit for Hyperplane elastic network interfaces for your account
The default maximum number of Hyperplane elastic network interfaces or each virtual private cloud (VPC) is 250. For information on how to request a limit increase, see Service Quotas.