By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Unable to invoke AWS Lambda function: Authorization error

0

I am using storing the document first in my bucket and then calling the lambda function that I created to get the response of the document, I am able to send the document in S3 but getting the below error that's why I am not getting the response of the document in code of react.js.

Error:- "AccessDeniedException: User: arn:aws:iam::076465650773:user/username is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:ap-south-1:076465650773:function:testing-lamda-function because no permissions boundary allows the lambda:InvokeFunction action"

I have already created the role, user & inline policy as below:- ![lambda_role] (/media/postImages/original/IMitfRFbfYS5qWO8lJn9BMGw)

![aws_user] (/media/postImages/original/IMtt5hcq8sQwCZdZfCAPnUzA)

![testing-lambda-policy] (/media/postImages/original/IMiNOBaFjKQRyHlTUf9EDcrw)

My code:-

export const DetectText = () => {
  const [file, setFile] = useState({});
  const bucketName = process.env.REACT_APP_SECRET_BUCKET_NAME;

  const onSelectFile = (e) => {
    if (!e.target.files || e.target.files.length === 0) return;
    const reader = new FileReader();
    const file = e.target.files[0];
    setFile(file);
    reader.readAsDataURL(file);
  }

  const s3 = new AWS.S3({
    accessKeyId: process.env.REACT_APP_ACCESS_KEY_id,
    secretAccessKey: process.env.REACT_APP_SECRET_ACCESS_KEY,
    region: 'ap-south-1'
  });

  const detectText = async () => {
    const params = {Bucket: bucketName, Key: file.name, Body: file};
    s3.putObject(params, (err, data) => {
      if (err) console.log(err);
      else console.log(data);
    });

    const lambda = new AWS.Lambda({
      accessKeyId: process.env.REACT_APP_ACCESS_KEY_id,
      secretAccessKey: process.env.REACT_APP_SECRET_ACCESS_KEY,
      region: 'ap-south-1'
    });

    const params2 = {
      FunctionName: 'testing-lamda-function',
      Payload: JSON.stringify({
        Records: [{
           s3:{bucket: { name: bucketName }, object: { key: file.name }}
          }]
      })
    };

    lambda.invoke(params2, (err, data) => {
      if (err)console.log(err);
      else console.log(data);
    });
  };

  return (
    <div>
      <input type='file' id='file' name='file' onChange={onSelectFile} className='inputfile' />
      <button onClick={detectText} style={{ margin: "10px" }}>Run OCR</button>
    </div>
  )
}

Please let me know what I am doing wrong. Any help or suggestion will be truly appreciated.

Topics
ServerlessStorageCompute
Tags
ServerlessAmazon Simple Storage ServiceAWS Lambda
Language
English
Ritik
asked a year ago1126 views
1 Answer
1
Accepted Answer

From the error message, it appears that the IAM user "User: arn:aws:iam::076465650773:user/username" does not have "lambda:InvokeFunction" permission.
Try setting "lambda:InvokeFunction" to the appropriate IAM user.
Also, please check the following document, as it says "because no permissions boundary".
https://repost.aws/knowledge-center/iam-access-denied-permissions-boundary

profile picture
EXPERT
Riku_Kobayashi
answered a year ago
  • Ritik
    a year ago

    Thanks now it's working after adding this InvokeFunction

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content