By using AWS re:Post, you agree to the Terms of Use

using lambda as the identity broker to access AWS Console

0

Hi, I create an identity broker to access AWS Console by following the 'Example code using Python' in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html. It works on my desktop. I can run the python code and generate valid AWS Console URL with assume role. However, when I migrate the code into lambda by assuming the same role, I failed at requests.get(request_url) with 400 error. In my code, lambda has assumed the role successfully. Why the assumed role can generate AWS Console url in my desktop but failed in lambda?

1 Answer
0

What role and policies does your deployed Lambda function have? If it doesn't have permission to assume the role, then I think you will get the error you described.

Usually your development user/role will have more permissions than a deployed Lambda function, but it depends on the deployed function role.

answered 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions