By using AWS re:Post, you agree to the Terms of Use

Lambda is not authorized to perform: secretsmanager:GetSecretValue


I've setup the following policy on the my role.

            "Action": [
            "Resource": "arn:aws:secretsmanager:us-west-2:354135999999:secret:beta/Secrets-2ZZZZZZ",
            "Effect": "Allow"

But I keep getting this error when my lamba website tries to startup. It's using .NET Core 2.1.

User: arn:aws:sts::354135999999:assumed-role/Dragnet-Beta-LambdaRole-1O22YYYYYYYYY/Dragnet-Beta-WebsiteLambda-11AZX4HXXXXXX is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:us-west-2:354135999999:secret:beta/Secrets-2ZZZZZZ

I've used the policy simulator and when I paste in the ARN in the error message it says "Allowed". So I'm really confused as to why my Lambda can't get the secret.

I have triple checked the role and policy it's using are what are showing up in the error message and that the lambda is configured with the matching role.

1 Answer

Fixed it.

I just changed the memory size of the Lambda a little bit and Saved the change to force it to reload from cache. It then picked up the correct permissions and everything worked.


answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions