Implement AWS Verified Permission using AWS Lambda

0

import { VerifiedPermissions } from "@aws-sdk/client-verifiedpermissions"; export const handler = async (event) => { try { var verifiedpermissions = await new VerifiedPermissions();

var params = {
  validationSettings: {
    mode: "OFF" /* required */,
  },
  clientToken: "d876e578-b6c6-4251-bbf5-6366c5d69abc",
};
const createPolicyStore_ = await verifiedpermissions.createPolicyStore(
  params
);
return createPolicyStore_;

} catch (error) { throw new Error(error); } }; This is my Lambda function. I have also integrated the AWS SDK for JavaScript into my Node.js Lambda function using layers. But I am getting the below error when implementing AWS Verified Permission with Lambda: "errorMessage": "AccessDeniedException: User: arn:aws:sts::xxxxxxxx:assumed-role/verifiedPermissionTest-role-cj3t6pqg/verifiedPermissionTest is not authorized to perform: verifiedpermissions:createpolicystore on resource: * because no identity-based policy allows the verifiedpermissions:createpolicystore action"

Topics

Serverless Compute Security, Identity, & Compliance Management & Governance

Tags

AWS Lambda Amazon Verified Permissions

Language

English

asked 6 months ago243 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

0

Hello.

Judging from the content of the error, it seems that the IAM role does not allow "verifiedpermissions:createpolicystore", but how is the IAM role configured?
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonverifiedpermissions.html

EXPERT

answered 6 months ago

EXPERT

reviewed 6 months ago

Sulu
6 months ago
But I have added the policy that permits the user to perform all the actions in Verified Permission.This is the policy statement: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "verifiedpermissions:", "Resource": "" } ] }
Riku_Kobayashi EXPERT
6 months ago
Please check again whether the settings are configured in the IAM role used by Lambda. Also, to check the operation, temporarily set strong privileges such as AdministratorAccess and see if it works without any problems. In other cases, it may be possible to check CloudTrail events and check the missing permissions.
hakanson
6 months ago
not sure if cut/paste error because of formatting, but is Action "verifiedpermissions:" missing the * after the : - it should be "verifiedpermissions:*"

Relevant content

Unable to determine handler from trigger event
Techxonia
asked 2 years ago
Lambda execution failed: Cannot find package 'aws-sdk' imported from /var/task/index.mjs
sandoval0992
asked 2 months ago
AWS Lambda Handler
Accepted Answer
Omar
asked 10 months ago
Trying to understand async/await in lambda
Accepted Answer
dmb0058
asked a year ago
How do I fix the circular dependency between an AWS Lambda permission and target group resources in AWS CloudFormation?
AWS OFFICIALUpdated 3 years ago
How can I use resource-based policies with AWS Lambda to grant permission to AWS services?
AWS OFFICIALUpdated 3 years ago
How do I resolve HTTP 502 errors from API Gateway REST APIs with Lambda proxy integration?
AWS OFFICIALUpdated 2 years ago
How can I prevent my Lambda function connected to an Amazon VPC from timing out?
AWS OFFICIALUpdated a year ago
How to Implement OpenID on AWS
EXPERT
Sedat Salman
published a year ago
How to use JWT tokens for authorization with AWS KMS in NodeJs Lambdas
EXPERT
Antonio_Lagrotteria
published 2 months ago