403 error while creating Lambda function

0

I'm getting a 403 error when trying to create a Lambda function using Python (Request failed with status code 403). But I'm able to successfully create Lambda if I select Node.js.

Jeena
asked 10 months ago, 601 views
6 Answers
0

I have also faced this issue; here is how I overcame this error:

  1. Go to IAM Console

  2. Create Role -> Select "AWS Service" -> Choose "Lambda" as service

  3. Click Next

  4. Search "AdministratorAccess" and add this policy ("arn:aws:iam::aws:policy/AdministratorAccess") to it -> AdministratorAccess is just to resolve the issue and is temporary, you can later choose the role for your lambda with least permissions after creating the function

  5. Click Next -> Give Role a Name

  6. Go to Lambda console

  7. Create the function the same way you were creating it

  8. Change default execution role -> Use an existing role -> Choose same role which you created above

  9. Create Function

Note: Step #4 is just to resolve this issue only (attaching AdministratorAccess), but is not an advisable solution, as we should always create roles following the least privilege model. Hope you understand that part. I'd encourage you to log a support case, if you have a support plan which lets you create a technical support case.

Hope you find this helpful.

Abhishek

AWS
EXPERT
answered 10 months ago
  • Thank you for the answer, but this also didn't help and my IAM account already has admin privileges.

  • Did you check CloudTrail to see what's denying this? Here are the steps to check:

    Go to CloudTrail -> Event history -> Lookup attributes as EventName from drop down -> CreateFunction20150331 in value and search. You'll see what's getting denied.

    It's a little odd since you are able to create for Node.js but not for Python. You should be able to see from CloudTrail what's going wrong.

    Keep me posted.

  • Hi Jeena, It seems not to be a permission problem but a trust relationship problem. Like I mentioned in the answer, when you create the role, create it choosing Lambda as the service and then assign AdministratorAccess to it (temporarily). Once the role gets created, make sure you see lambda.amazonaws.com in this role's trust relationship. Then create the Lambda function and choose this role. It's odd that on the Lambda console, the Lambda function in itself is not able to create a role on its behalf, and you should consider logging a support case if you have a support plan through which you can create a tech support case. Comment here on how it goes.

  • I tried this too. I had created a separate role with AdministratorAccess and tried to assign it to the Lambda function during its creation. But that too ended up in the same error. I was using my company lap to create Lambda, and now when I shifted to my personal lap, it's working smoothly. But still I don't understand why my company lap is not allowing Python as runtime, while allowing Node.js.

  • If I got you correct, you created lambda service role with Administrator access, even then it failed. I want you to make sure, you created service role not account role. If you created lambda service role and it's not allowing you, I'd suggest you to log a support case, support engineer should be able to help you out as they can check few things on your account.

0

This is the one which I created and I don't have lambda with the same name

Jeena
answered 10 months ago
  • Did you check CloudTrail to see what's denying this? Here are the steps to check:

    Go to CloudTrail -> Event history -> Lookup attributes as EventName from drop down -> CreateFunction20150331 in value and search. You'll see what's getting denied.

    It's a little odd since you are able to create for Node.js but not for Python. You should be able to see from CloudTrail what's going wrong.

    Keep me posted.

  • I checked in cloudtrail and it seems like lambda is not able to create the IAM role and attach to the function. Could you please let me know what could be the cause of this? I'm posting the same as next comment

  • Hi Jeena, Like I mentioned in the answer, first create a Lambda service role; once the role is created, make sure that in the trust relationship you see lambda.amazonaws.com. Once this role gets created, then while creating the Lambda function use this role as the Lambda execution role. This should solve the problem. Also, to further debug why the Lambda console itself is not able to create the role on the function's behalf, I'd suggest you log a support case if you have a support plan.
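
Added example, not part of the thread: a Python sketch of the two checks discussed in the comments above, run against constructed data. It tests whether a role's trust policy lets lambda.amazonaws.com assume it (a service role rather than an account role) and pulls failed calls out of output shaped like `aws cloudtrail lookup-events`. The sample policies, the account ID, the `CreateRole` event and the error message are assumptions made up for illustration.

```python
import json

def _as_list(value):
    """IAM JSON allows a single string or a list in most fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusts_lambda(trust_policy):
    """True if an Allow statement lets lambda.amazonaws.com call sts:AssumeRole."""
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and "lambda.amazonaws.com" in services
                and "sts:AssumeRole" in _as_list(stmt.get("Action"))):
            return True
    return False

def failed_calls(lookup_output, event_names=("CreateFunction20150331",)):
    """List (eventName, errorCode, errorMessage) for matching calls that failed."""
    failures = []
    for item in lookup_output.get("Events", []):
        record = json.loads(item["CloudTrailEvent"])  # full record is a JSON string
        if record.get("eventName") in event_names and "errorCode" in record:
            failures.append((record["eventName"], record["errorCode"],
                             record.get("errorMessage", "")))
    return failures

# Constructed sample data (not taken from the thread).
SAMPLE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "lambda.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}
ACCOUNT_ROLE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole"}]}
SAMPLE_EVENTS = {"Events": [
    {"CloudTrailEvent": json.dumps({"eventName": "CreateFunction20150331",
                                    "eventSource": "lambda.amazonaws.com"})},
    {"CloudTrailEvent": json.dumps({"eventName": "CreateRole",
                                    "eventSource": "iam.amazonaws.com",
                                    "errorCode": "AccessDenied",
                                    "errorMessage": "constructed example message"})},
]}

if __name__ == "__main__":
    print(trusts_lambda(SAMPLE_TRUST), trusts_lambda(ACCOUNT_ROLE_TRUST))
    print(failed_calls(SAMPLE_EVENTS, ("CreateFunction20150331", "CreateRole")))
```

The same trust check applies to a role narrowed from AdministratorAccess to a least-privilege policy afterwards, since the trust relationship is separate from the permissions attached to the role.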

0

Please give more information. Can you paste your code that creates the lambda function? and the error?

If you are passing in variables, print the value of the variables.

Are you using the correct Python runtime? Does the name conform?

Is the code valid? In the console, have you tried to create the same function?

AWS
Bahram
answered 10 months ago
  • I just started creating the function. The function name was given as test-lambda and the runtime was selected as Python 3.10. Then when I click on create function, it shows me the error. The same setup, with same name, is working for Node.js and I was able to create function. For Python runtime, I even tried changing the function name

0

You cannot have the same Lambda function multiple times. Only 1 Lambda function called 'test-lambda'. Can you include a screenshot of the setup before clicking create and the error after clicking create function? Please remove any reference to an account.

AWS
Bahram
answered 10 months ago
  • Had added below

0

Here is sample of the create.

AWS
Bahram
answered 10 months ago
0

CloudTrail Event History

Jeena
answered 10 months ago
