mark340
착하게살자
mark340
전체 방문자
오늘
어제
  • 분류 전체보기 (98)
    • 백준 (11)
    • 알고리즘 (1)
    • Javascript (17)
    • CS (18)
    • 기타 (9)
    • AI (1)
    • Angular (2)
    • Linux (14)

블로그 메뉴

  • 홈
  • 태그
  • 방명록

공지사항

인기 글

태그

  • Closure
  • oauth
  • MySQL
  • JavaScript
  • parsing

최근 댓글

최근 글

티스토리

hELLO · Designed By 정상우.
mark340

착하게살자

기타

[AWS] AccessDeniedException: User is not authorized to perform: lambda:InvokeFunction

2023. 8. 22. 17:09

I'm trying to invoke a lambda function from node.

 

var aws = require('aws-sdk');
var lambda = new aws.Lambda({
    accessKeyId: 'id',
    secretAccessKey: 'key',
    region: 'us-west-2'
});

lambda.invoke({
    FunctionName: 'test1',
    Payload: JSON.stringify({
        key1: 'Arjun',
        key2: 'kom',
        key3: 'ath'
    })
}, function(err, data) {
    if (err) console.log(err, err.stack);
    else     console.log(data);
});

The keys are for an IAM user.

The user has AWSLambdaExecute and AWSLambdaBasicExecutionRole policies attached.

 

I get a permission error: 

AccessDeniedException: User: arn:aws:iam::1221321312:user/cli is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-west-2:1221321312:function:test1

 

 


The AWSLambdaExecute and AWSLambdaBasicExecutionRole do not provide the permissions that are being expressed in the error. Both of these managed policies are designed to be attached to your Lambda function itself, so it runs with these policies.

 

The error is saying the user under which the nodejs program is running does not have rights to start the Lambda function.

You need to give your IAM user the lambda:InvokeFunction permission:

  1. Find your User in the IAM Management Console and click it.
  2. On the "Permissions" tab, expand the "Inline Policies" section and click the "click here" link to add a policy".
  3. Select a "Custom Policy".
  4. Give your policy a name. It can be anything.
  5. Put this policy in the Policy Document field.

Sample policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1464440182000",
            "Effect": "Allow",
            "Action": [
                "lambda:InvokeAsync",
                "lambda:InvokeFunction"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

In this policy, I have included both methods to invoke lambda methods.

저작자표시 (새창열림)

'기타' 카테고리의 다른 글

git pull --prune / git error-"Did not send all necessary objects"  (0) 2024.06.24
똑똑해지고 싶으세요? “운동하세요”  (1) 2023.12.29
밥만 먹는 밥벌레 장군  (1) 2023.07.12
CSS3 - HTML img 태그에 넣은 svg 파일의 색상 바꾸기  (0) 2023.06.08
[LeetCode] Group Anagrams  (0) 2023.02.04
    '기타' 카테고리의 다른 글
    • git pull --prune / git error-"Did not send all necessary objects"
    • 똑똑해지고 싶으세요? “운동하세요”
    • 밥만 먹는 밥벌레 장군
    • CSS3 - HTML img 태그에 넣은 svg 파일의 색상 바꾸기
    mark340
    mark340
    착하게삽시다

    티스토리툴바