You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With the lambda resource described in the tutorial, terraform encounters the following error:
╷
│ Error: reading Lambda Function (HelloWorld) latest version: operation error Lambda: ListVersionsByFunction,
https response error StatusCode: 403, RequestID: 17d6bae4-1caa-47bb-8483-68d61e3e99fe, api error
AccessDeniedException: User: arn:aws:iam::339712767340:user/dboardman is not authorized to perform:
lambda:ListVersionsByFunction on resource: arn:aws:lambda:us-east-1:339712767340:function:HelloWorld because
no identity-based policy allows the lambda:ListVersionsByFunction action
This is not alleviated by any of the IAM policies you can attach to your Group or User. For instance the AWSLambda_FullAccess contains the lambda:* permissions (all policy permissions). You still encounter the error.
This approach seems safer than modifying an identity-based policy. It creates a separate resource-based policy document specifically granting lambda:ListVersionsByFunction and attaches it directly to the Lambda function itself.
With the lambda resource described in the tutorial, terraform encounters the following error:
This is not alleviated by any of the IAM policies you can attach to your Group or User. For instance the
AWSLambda_FullAccess
contains thelambda:*
permissions (all policy permissions). You still encounter the error.I found a stack overflow thread that describes why this is the case.
Below is an addition that can be added to the example code (and hopefully the tutorial), that will correct this error.
You can find this permission in
IAM -> Roles -> serverless_lambda
. You should see thislambda_list_versions
permissions policy.The text was updated successfully, but these errors were encountered: