Description
We are contacting you because we are making a change to the Lambda GetFunction API authorization which may require your action.
Previously, permissions on ListTags were required only when using the ListTags API explicitly. However, principals with GetFunction API permissions could still access tag information output by the GetFunction call. Beginning July 27, 2024, Lambda will return tags data only when the principal calling the GetFunction API has a policy with explicit allow permission on the ListTags API. When the role calling the GetFunction API has a policy with a deny, or has no policy with explicit allow access to the ListTags API, Lambda will not return tags data in the response to the GetFunction API call.
We identified that your account has roles with allow access to the GetFunction API; however, the policy does not allow access to the ListTags API. If you intend to continue receiving tags data using the GetFunction API, you must add a policy to the AWS Identity and Access Management (IAM) role used to call the GetFunction API with an explicit "allow" for access to the ListTags API. Please refer to our "Permissions required for working with tags" user guide for information about the permissions required for using tags with Lambda resources [1].
To allow you time to review and make necessary changes, we have added your account to an allow list until September 1, 2024. After this date, calls to the GetFunction API will return tags data only if the caller has explicit allow access to the ListTags API. If the caller does not have allow access to the ListTags API, or has deny access to the ListTags API, the GetFunction API will return the function configuration excluding tags data. Additionally, the response will include the new TagsError object, which provides the reason for not returning the tags data.
Please refer to our "Adding and removing IAM identity permissions" user guide for information on adding missing permissions to existing users [2].
If you need more time to take action, or have questions, please contact AWS Support [3].
[1] https://docs.aws.amazon.com/lambda/latest/dg/configuration-tags.html#permissions-required-for-working-with-tags-cli
[2] https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html
[3] https://aws.amazon.com/support
Answer:
I have 1500 lambdas.
Do I have to add ListTags to all the roles which are using GetFunction?
I already added it to 3 lambda roles, but it is not reducing the affected resource count (AWS Health Dashboard).
In affected resources there is only 1 link for the Lambda page, and it is showing all the lambdas which I have created in my project.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "lambda:GetFunction",
        "lambda:ListTags"
      ],
      "Resource": "arn:aws:lambda:*:*:function:*"
    }
  ]
}
```
Is it manual work for all the roles which are connected with Lambda?
So do I have to add these permissions for all the roles?
How can I do the changes?
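A triage script for the situation in the question, added here as an example (it is not part of the post and not an AWS tool): it applies the rule from the notice to a set of identity policy documents and lists the roles that can call GetFunction but will stop receiving tags because ListTags is not explicitly allowed or is denied. The role names and policies are constructed samples; Resource and Condition elements are ignored, so this is a heuristic for finding candidates, not a substitute for the IAM policy simulator.

```python
import fnmatch

# Constructed sample input: role name -> list of attached/inline policy documents.
SAMPLE_ROLE_POLICIES = {
    "role-get-only": [{"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "lambda:GetFunction", "Resource": "*"}]}],
    "role-get-and-tags": [{"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["lambda:GetFunction", "lambda:ListTags"],
         "Resource": "arn:aws:lambda:*:*:function:*"}]}],
    "role-wildcard-with-deny": [{"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "lambda:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "lambda:ListTags", "Resource": "*"}]}],
}


def _as_list(value):
    """IAM allows a single string or a list in Action/NotAction/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(action, patterns):
    """IAM action names are case-insensitive and may contain '*' wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def statement_effects(policies, action):
    """Return (explicit_allow, explicit_deny) for one action across all documents."""
    allow = deny = False
    for doc in policies:
        for st in _as_list(doc.get("Statement")):
            if "Action" in st:
                hit = _matches(action, _as_list(st["Action"]))
            else:  # NotAction: statement applies to everything not listed
                hit = not _matches(action, _as_list(st.get("NotAction")))
            if hit and st.get("Effect") == "Allow":
                allow = True
            elif hit and st.get("Effect") == "Deny":
                deny = True
    return allow, deny


def tags_returned_by_get_function(policies):
    """None if GetFunction itself is not usable; otherwise whether tags will be returned."""
    get_allow, get_deny = statement_effects(policies, "lambda:GetFunction")
    if not get_allow or get_deny:
        return None
    tag_allow, tag_deny = statement_effects(policies, "lambda:ListTags")
    return tag_allow and not tag_deny


def roles_needing_list_tags(role_policies):
    """Roles that can call GetFunction but will lose tags data after the change."""
    return sorted(r for r, p in role_policies.items()
                  if tags_returned_by_get_function(p) is False)
```

In a real account the policy documents would come from the IAM GetRolePolicy and GetPolicyVersion APIs for each role, and the flagged roles are the ones that need an explicit `lambda:ListTags` allow added.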