The sentinel_forwarder module fails to Terraform apply if the layer_arn being used is not the most recently published layer version:
```
╷
│ Error: error creating Lambda Function (1): AccessDeniedException:
│ status code:403, request id: 4be17092-313c-469a-b905-45f6cbec8546
│
│ with module.sentinel_forwarder.aws_lambda_function.sentinel_forwarder,
│ on .terraform/modules/sentinel_forwarder/sentinel_forwarder/main.tf line 34, in resource "aws_lambda_function" "sentinel_forwarder":
│ 34: resource "aws_lambda_function" "sentinel_forwarder" {
│
│
│ "User is not authorized to perform: lambda:GetLayerVersion on
│ resource: arn:aws:lambda:ca-central-1:283582579564:layer:aws-sentinel-connector-layer:20
│ because no resource-based policy allows the lambda:GetLayerVersion action"
```

```
aws lambda get-layer-version-policy \
  --layer-name aws-sentinel-connector-layer \
  --version-number 37
# policy returned successfully

aws lambda get-layer-version-policy \
  --layer-name aws-sentinel-connector-layer \
  --version-number 36
# Following error returned for any layer version that is not the latest
An error occurred (ResourceNotFoundException) when calling the GetLayerVersionPolicy operation: Layer version arn:aws:lambda:ca-central-1:283582579564:layer:aws-sentinel-connector-layer:36 does not have any resource policy.
```
Summary
The sentinel_forwarder module fails to Terraform apply if the `layer_arn` being used is not the most recently published layer version.

Although the layer has a permission policy created for it on publish, it appears that this permission is being removed when a new layer version is published.
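The two manual checks in the report generalise to a sweep over every published version of a layer. The script below is an added example, not code from this issue or from the module. The function name `audit_layer_policies` is hypothetical, and it assumes the AWS CLI is run with credentials for the account that owns the layer.

```shell
#!/bin/sh
# Added example (not from the issue): report which published versions of a
# Lambda layer still carry a resource-based policy.
#
# audit_layer_policies LAYER_NAME [VERSION...]
#   Prints "<version> policy", "<version> no-policy" or "<version> error"
#   for each version; returns 1 if any version lacks a policy or could not
#   be checked. With no versions given, every published version is checked.
audit_layer_policies() {
  layer=$1; shift
  rc=0

  if [ "$#" -eq 0 ]; then
    # Word splitting is intended: the CLI prints the version numbers
    # separated by tabs when --output text is used.
    set -- $(aws lambda list-layer-versions --layer-name "$layer" \
               --query 'LayerVersions[].Version' --output text)
  fi

  for v in "$@"; do
    if out=$(aws lambda get-layer-version-policy \
               --layer-name "$layer" --version-number "$v" 2>&1); then
      echo "$v policy"
    else
      case $out in
        # Same error as in the report: the version exists but nothing
        # grants lambda:GetLayerVersion on it.
        *ResourceNotFoundException*) echo "$v no-policy" ;;
        # Anything else (credentials, throttling, wrong region).
        *) echo "$v error" ;;
      esac
      rc=1
    fi
  done
  return "$rc"
}

# When invoked with arguments, run the audit: ./audit.sh <layer> [versions...]
if [ "$#" -gt 0 ]; then
  audit_layer_policies "$@"
fi
```

Running it right after publishing a new layer version shows whether older versions that consumers still pin have lost their policy.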