2 Answers
1
Hello.
I think you need to add "config.amazonaws.com" to Lambda's resource-based policy.
https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_nodejs.html#restricted-lambda-policy
aws lambda add-permission \
--function-name InstanceTypeCheck \
--statement-id "AddConfigPermission" \
--action lambda:InvokeFunction \
--principal config.amazonaws.com
I believe there needs to be a policy set on the IAM user you are using to allow "lambda:AddPermission".
0
Make sure you have a proper IAM role for AWS Config with the needed access to Lambda and, most importantly, that you have a resource-based policy attached to your Lambda function with the permission below:
aws lambda add-permission \
--function-name <lambda function name> \
--statement-id ConfigInvokePermission \
--action lambda:InvokeFunction \
--principal config.amazonaws.com \
--source-arn arn:aws:config:<region>:<account number>:config-rule/* \
--region <region>
answered 24 days ago
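Both answers come down to one check: does the function's resource-based policy contain an Allow statement for the `config.amazonaws.com` service principal on `lambda:InvokeFunction`, and is that grant scoped to your own Config rules? The script below is an added example, not code from either answer or from AWS. It parses the output of `aws lambda get-policy --function-name <name>` (where the `Policy` field is a JSON string nested inside the JSON response) and reports whether Config can invoke the function and whether the statement carries the `AWS:SourceArn` / `AWS:SourceAccount` condition that `add-permission --source-arn` / `--source-account` writes. The account ID, region, function name and the three sample policy documents are constructed placeholders, not values from the thread.

```python
"""Check a Lambda resource-based policy for the statement AWS Config custom rules need.

Added example (not from the original thread). Input is the JSON that
`aws lambda get-policy --function-name <name>` prints; its "Policy" field is itself
a JSON string. Sample documents below are constructed; ARNs, account and region
are placeholders.
"""
import json

CONFIG_PRINCIPAL = "config.amazonaws.com"


def _as_list(value):
    """IAM allows Action/Service/condition values to be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _allows_config_invoke(stmt):
    """True if this statement lets the Config service principal invoke the function."""
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal", {})
    services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
    if CONFIG_PRINCIPAL not in services and principal != "*":
        return False
    return any(a in ("lambda:InvokeFunction", "lambda:*") for a in _as_list(stmt.get("Action")))


def _is_scoped(stmt, account, region):
    """True if the grant is limited to Config rules of the expected account.

    `add-permission --source-arn` writes an ArnLike AWS:SourceArn condition and
    `--source-account` writes StringEquals AWS:SourceAccount. Without one of them,
    a Config rule in any other AWS account could invoke this function (confused deputy).
    """
    rule_prefix = f"arn:aws:config:{region}:{account}:config-rule/"
    for operator, keys in stmt.get("Condition", {}).items():
        for key, values in keys.items():
            key_lc = key.lower()  # IAM condition keys are case-insensitive
            if operator in ("ArnLike", "ArnEquals") and key_lc == "aws:sourcearn":
                if any(v.startswith(rule_prefix) for v in _as_list(values)):
                    return True
            if operator == "StringEquals" and key_lc == "aws:sourceaccount":
                if account in _as_list(values):
                    return True
    return False


def check_config_permission(get_policy_output, account, region):
    """Evaluate `aws lambda get-policy` output; returns a small verdict dict."""
    policy = json.loads(json.loads(get_policy_output)["Policy"])  # nested JSON string
    matching = [s for s in _as_list(policy.get("Statement")) if _allows_config_invoke(s)]
    scoped = [s for s in matching if _is_scoped(s, account, region)]
    return {
        "config_can_invoke": bool(matching),
        "scoped_to_own_rules": bool(scoped),
        "statement_ids": [s.get("Sid") for s in matching],
    }


# --- constructed samples (placeholder account/region/function) -------------------
ACCOUNT, REGION = "123456789012", "us-east-1"
FUNCTION_ARN = f"arn:aws:lambda:{REGION}:{ACCOUNT}:function:InstanceTypeCheck"


def _sample(statement):
    """Wrap one statement the way the CLI returns it: Policy is a JSON *string*."""
    doc = {"Version": "2012-10-17", "Id": "default", "Statement": [statement]}
    return json.dumps({"Policy": json.dumps(doc), "RevisionId": "00000000-0000-0000-0000-000000000000"})


# Shape written by `add-permission --principal config.amazonaws.com --source-arn .../config-rule/*`.
SCOPED_POLICY = _sample({
    "Sid": "ConfigInvokePermission", "Effect": "Allow",
    "Principal": {"Service": CONFIG_PRINCIPAL}, "Action": "lambda:InvokeFunction",
    "Resource": FUNCTION_ARN,
    "Condition": {"ArnLike": {"AWS:SourceArn": f"arn:aws:config:{REGION}:{ACCOUNT}:config-rule/*"}},
})
# Shape written by the same command without --source-arn: Config can invoke, from any account.
UNSCOPED_POLICY = _sample({
    "Sid": "AddConfigPermission", "Effect": "Allow",
    "Principal": {"Service": CONFIG_PRINCIPAL}, "Action": "lambda:InvokeFunction",
    "Resource": FUNCTION_ARN,
})
# A policy that trusts a different service principal: Config's invocation will be denied.
WRONG_PRINCIPAL_POLICY = _sample({
    "Sid": "EventsOnly", "Effect": "Allow",
    "Principal": {"Service": "events.amazonaws.com"}, "Action": "lambda:InvokeFunction",
    "Resource": FUNCTION_ARN,
})

if __name__ == "__main__":
    for name, doc in [("scoped", SCOPED_POLICY), ("unscoped", UNSCOPED_POLICY),
                      ("wrong principal", WRONG_PRINCIPAL_POLICY)]:
        print(name, check_config_permission(doc, ACCOUNT, REGION))
```

To run it against a real function, pipe `aws lambda get-policy --function-name <name> --region <region>` into `check_config_permission` with your own account ID and region. Note that `get-policy` returns an error rather than an empty document when the function has no resource-based policy at all, which is itself the answer in that case. A result of `config_can_invoke: True, scoped_to_own_rules: False` means the rule will work but the grant should be tightened with `--source-arn` or `--source-account` as in the second answer.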
I'm making changes with the root user account, which should have admin access. Also, I tried resource-based access to invoke the function, but still no luck.
I also tried setting it up in my AWS account, but I can't reproduce the same error. I think you can create a custom rule if you have properly configured Lambda's resource-based policy using the command below.