I have 2 lambda functions. 1. #1 - calling the #2 2. #2 - with function url with IAM permission setup. 3. Created policy statement with #1's execution role arn and action as lambda:InvokeFunctionUrl and attached to #2 But getting a forbidden request by the #2. Do we need to add extra permissions?. Can someone guide me here?

If you are calling Lambda function #2 from Lambda function #1, there shouldn't be a reason why you would want to use a Function URL (which would require you to trigger the function [via a Sigv4 signed HTTPS request](https://docs.aws.amazon.com/lambda/latest/dg/urls-invocation.html)). Instead, I would suggest updating Lambda function #1 to [make an SDK call to invoke](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/lambda/client/invoke.html) the Lambda function #2 directly.

Get Hands-on with Amazon EKS - Workshop Event Series

Whether you're taking your first steps with Kubernetes or you're an experienced practitioner looking to sharpen your skills, our Amazon EKS workshop series delivers practical, real-world experience that moves you forward. Learn directly from AWS solutions architects and EKS specialists through hands-on sessions designed to build your confidence with Kubernetes. Register now and start building with Amazon EKS!

Resource Based policy statements for Lambda

I have 2 lambda functions.

#1 - calling the #2
#2 - with function url with IAM permission setup.
Created policy statement with #1's execution role arn and action as lambda:InvokeFunctionUrl and attached to #2

But getting a forbidden request by the #2.

Do we need to add extra permissions?. Can someone guide me here?

kentrad EXPERT
3 years ago
Can you post your policies?

Topics: Microservices Serverless Compute Security, Identity, & Compliance
Tags: Microservices AWS Identity and Access Management IAM Policies AWS Lambda
Language: English

Aara Amuthan

asked 3 years ago657 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

If you are calling Lambda function #2 from Lambda function #1, there shouldn't be a reason why you would want to use a Function URL (which would require you to trigger the function via a Sigv4 signed HTTPS request).

Instead, I would suggest updating Lambda function #1 to make an SDK call to invoke the Lambda function #2 directly.

EXPERT

Matt J

answered 3 years ago

Aara Amuthan
3 years ago
Lambda functin #1 is more for orchestration purposes, and lambda function #2 has the actual service implementation.

Relevant content

Resource handler returned message: "The provided execution role does not have permissions to call CreateNetworkInterface on EC2 (Service: Lambda, Status Code: 400,
marinkie
asked 3 years ago
Lambda Function URL Invoke with ALB
rePost-User-2097280
asked 9 months ago
Lambda Execution Role with SNS Topic Access
Kent
asked 5 months ago
Cross account SQS - Lambda setup throws error execution role does not have permissions to call receiveMessage on SQS
Accepted Answer
rePost-User-8431883
asked 3 years ago
How can I use resource-based policies with AWS Lambda to grant permission to AWS services?
AWS OFFICIALUpdated 4 years ago
What's the difference between Lambda function execution role permissions and invocation permissions?
AWS OFFICIALUpdated a year ago
How do I troubleshoot permissions issues with Lambda?
AWS OFFICIALUpdated 3 years ago
How do I resolve the "Lambda does not have permission to access the ECR image" error for a Lambda function container image?
AWS OFFICIALUpdated 2 months ago
Bedrock Knowledge Base with S3 Vectors: Troubleshooting IAM Permission Issues
EXPERT
Sankalp H T
published 3 months ago
How to Programmatically Delete Amazon Q Data Integrations in Amazon Connect using Python and AWS Lambda
SUPPORT ENGINEER
rajaws
published 8 months ago

Resource Based policy statements for Lambda

Add your answer

Relevant content