Stay up to date with the latest from the Knowledge Center. See all new and updated Knowledge Center articles published in the last month and re:Post’s top contributors.
using lambda as the identity broker to access AWS Console
Hi, I create an identity broker to access AWS Console by following the 'Example code using Python' in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html. It works on my desktop. I can run the python code and generate valid AWS Console URL with assume role. However, when I migrate the code into lambda by assuming the same role, I failed at requests.get(request_url) with 400 error. In my code, lambda has assumed the role successfully. Why the assumed role can generate AWS Console url in my desktop but failed in lambda?
- Newest
- Most votes
- Most comments
What role and policies does your deployed Lambda function have? If it doesn't have permission to assume the role, then I think you will get the error you described.
Usually your development user/role will have more permissions than a deployed Lambda function, but it depends on the deployed function role.
Relevant content
- asked 6 years ago
AWS OFFICIALUpdated 3 years ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago
