Steps to Reproduce this issue:
Used Visual Studio Code & AWS Toolkit to deploy a Lambda function (Python based) to us-east-1.
I was using an IAM user (not an admin) that has the following managed policies attached:
- IAMFullAccess
- AmazonSNSFullAccess
- AmazonSQSFullAccess
- AmazonS3FullAccess
- AWSCloudFormationFullAccess
- AWSLambda_FullAccess
Observed:
Observed the following error, and the CFN deployment was rolled back:
2022-11-04 18:42:26 UTC-0700 ServerlessRestApi
CREATE_FAILED User: arn:aws:iam::XXXXXXXXXXXXXXXXX:user/demo-test is not authorized to perform: apigateway:POST on resource: arn:aws:apigateway:us-east-1::/restapis because no identity-based policy allows the apigateway:POST action (Service: AmazonApiGateway; Status Code: 403; Error Code: AccessDeniedException; Request ID: 6f0eef1d-14c4-4e53-a972-4ca3d21cf256; Proxy: null)
Ask:
- Can you please help me understand how I should interpret this error and what specific permission / policy change I need to make to get myself unblocked?
- Are there any AWS Console tools in IAM, like Access Advisor, that could help me review the access logs / audit trails and suggest what specific managed policy I need to attach, or which inline policy fragment I need to attach to this user?
Any references and guidance on how to fix this issue would be very helpful.
Thanks!
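An added example, not part of the original post: the error above names the principal, the denied action and the resource, so it can be parsed into the smallest identity-based policy statement that covers exactly that call. The function names and the regular expression are hypothetical helpers written for this illustration.

```python
import json
import re

# Error text copied from the post above (the account ID is masked there).
ERROR_FROM_POST = (
    "CREATE_FAILED User: arn:aws:iam::XXXXXXXXXXXXXXXXX:user/demo-test is not "
    "authorized to perform: apigateway:POST on resource: "
    "arn:aws:apigateway:us-east-1::/restapis because no identity-based policy "
    "allows the apigateway:POST action (Service: AmazonApiGateway; Status Code: 403; "
    "Error Code: AccessDeniedException; Proxy: null)"
)

# Hypothetical pattern for the "is not authorized to perform" message shape.
DENIED = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:[\w*]+)"
    r"(?: on resource: (?P<resource>\S+))?"
    r"(?: because (?P<reason>[^(]+))?"
)


def parse_access_denied(message):
    """Return principal/action/resource/reason from one denial, or None."""
    m = DENIED.search(message)
    if m is None:
        return None
    return {k: v.strip() for k, v in m.groupdict().items() if v}


def policy_for(denials):
    """Build an identity-based policy allowing only the denied action/resource pairs."""
    by_resource = {}
    for d in denials:
        # A denial whose message names no resource falls back to "*"; review those by hand.
        by_resource.setdefault(d.get("resource", "*"), set()).add(d["action"])
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": sorted(actions), "Resource": resource}
            for resource, actions in sorted(by_resource.items())
        ],
    }


if __name__ == "__main__":
    denial = parse_access_denied(ERROR_FROM_POST)
    print(json.dumps(denial, indent=2))
    print(json.dumps(policy_for([denial]), indent=2))
```

The resulting statement covers only the denials passed in; a later step of the same deployment may be denied a different action, and its message can be added to the list in the same way.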