using lambda as the identity broker to access AWS Console


Hi, I create an identity broker to access AWS Console by following the 'Example code using Python' in It works on my desktop. I can run the python code and generate valid AWS Console URL with assume role. However, when I migrate the code into lambda by assuming the same role, I failed at requests.get(request_url) with 400 error. In my code, lambda has assumed the role successfully. Why the assumed role can generate AWS Console url in my desktop but failed in lambda?

1 Answer

What role and policies does your deployed Lambda function have? If it doesn't have permission to assume the role, then I think you will get the error you described.

Usually your development user/role will have more permissions than a deployed Lambda function, but it depends on the deployed function role.

profile picture
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions