Lambda policy not authorized to call RunTask - policy issue?


Hi all, I've been tearing my hair out about this, and I have a feeling the answer will be simple, but beyond me at the moment.

I have an S3 bucket notification that triggers a Lambda function to run a Fargate task to process the uploaded file. The Lambda function can download the file fine, but when invoking 'RunTask' via the AWS Node SDK, I get:

"UnauthorizedOperation: You are not authorized to perform this operation."

When I run the Lambda function locally with a user with Administrator permissions, all works fine, so it must be the Lambda's policy, which I've copied below (redacted values shown):

"Version": "2012-10-17",
"Statement": [
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"Resource": [

I have also tried with no ':' wildcard for the task definition ARN, as well as 'ecs:' broad-stroke permissions and no dice.

Am I missing any additional permissions required for 'RunTask'? Perhaps some read permissions?

Thanks in advance.

asked 2 years ago, 130 views
1 Answer

There I go... Missing an ec2:DescribeSubnets in my Lambda role...

answered 2 years ago
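
An offline check related to the answer above, added here as an example and not part of the original thread: it lists which of the actions needed for this call a role policy does not allow. The `REQUIRED_ACTIONS` list, the function names and the sample policy are assumptions constructed for illustration, and the matcher ignores Resource, Condition, NotAction, permission boundaries and SCPs.

```javascript
// Actions the Lambda role needs for the call in this thread (assumed list):
// ecs:RunTask is the call itself, ec2:DescribeSubnets is what the answer found
// missing, iam:PassRole is needed when the task definition names IAM roles.
const REQUIRED_ACTIONS = ['ecs:RunTask', 'ec2:DescribeSubnets', 'iam:PassRole'];

// Turn an IAM action pattern ("ecs:*", "ec2:Describe*") into a RegExp.
// IAM action names are case-insensitive; "*" matches any run, "?" one char.
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$', 'i');
}

// Action may be a single string or an array in a policy statement.
function statementMatches(statement, action) {
  const actions = [].concat(statement.Action || []);
  return actions.some((p) => patternToRegExp(p).test(action));
}

// Return the required actions that no Allow statement covers, or that an
// explicit Deny overrides. Resource and Condition are not evaluated here.
function missingActions(policy, required = REQUIRED_ACTIONS) {
  const statements = [].concat(policy.Statement || []);
  return required.filter((action) => {
    const denied = statements.some((s) => s.Effect === 'Deny' && statementMatches(s, action));
    const allowed = statements.some((s) => s.Effect === 'Allow' && statementMatches(s, action));
    return denied || !allowed;
  });
}

// Constructed sample policy (not the asker's): broad ECS access, no EC2 read.
const samplePolicy = {
  Version: '2012-10-17',
  Statement: [
    { Sid: 'Ecs', Effect: 'Allow', Action: 'ecs:*', Resource: '*' },
    { Sid: 'Pass', Effect: 'Allow', Action: ['iam:PassRole'], Resource: '*' },
  ],
};

console.log('Not allowed:', missingActions(samplePolicy));
```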
