Hi,
I just tested it, and the CloudFormation seems to work correctly in my case. Since you are using the root user, the only plausible explanation would be that the issue is being caused by higher-level restrictions, i.e. imposed by an AWS Organizations service control policy (SCP) that affects your AWS account. In this case, you would need to review and update the SCP to grant the necessary permissions.
If it is not SCP related, I would suggest you approach AWS support, since this issue could be specific to your account.
Thanks, Rama
I've had the same issue with getting 403s on creating the AVPAuthorizerLambdaServiceRole when following the same steps in the tutorial. We're using a user with Administrator Access.
In our case, it doesn't seem to be associating an IAM role with the created stack, so it fails on deployment.
I'm not sure why it's not setting it, but I was able to create the AVPAuthorizer in CloudFormation manually by doing the following:
- Downloading the template for the failed AVPAuthorizer in CF
- Creating a new stack using this template
- Setting the correct IAM role on the Permissions section (Step 3)
This creates the AVP Authorizer for us, but we want to have it created via the AVP Cognito / API Gateway setup options.
Hi Rama. Thank you for testing my problem. Good to know that the steps in the tutorial work fine. My AWS account doesn't belong to an AWS organization, so there are no SCPs present. I will ask my question to AWS support. If anyone still has a hint, I would be very grateful. Thanks, Philipp