By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

using lambda as the identity broker to access AWS Console

0

Hi, I create an identity broker to access AWS Console by following the 'Example code using Python' in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html. It works on my desktop. I can run the python code and generate valid AWS Console URL with assume role. However, when I migrate the code into lambda by assuming the same role, I failed at requests.get(request_url) with 400 error. In my code, lambda has assumed the role successfully. Why the assumed role can generate AWS Console url in my desktop but failed in lambda?

Topics
ServerlessComputeSecurity, Identity, & Compliance
Tags
AWS LambdaAWS Identity and Access Management
Language
English
AWS
Huiqing Ni
asked 2 years ago283 views
1 Answer
0

What role and policies does your deployed Lambda function have? If it doesn't have permission to assume the role, then I think you will get the error you described.

Usually your development user/role will have more permissions than a deployed Lambda function, but it depends on the deployed function role.

profile picture
rowanu
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content