Vladimir Hraban

Reputation: 3581

Tagging AWS lambda function access denied

I am trying to use aws cli to tag a lambda function. However, I keep getting the access denied error. I even tried to give the user admin access in IAM, and still it does not work. I guess something else has to be configured somewhere that currently overrides the policy.

root@fd9f516869e1:~# aws lambda tag-resource --resource $FUNCTION_ARN --tags CURRENT_COMMIT=${CIRCLE_SHA1}

An error occurred (AccessDeniedException) when calling the TagResource operation: User: <user ARN> is not authorized to perform: lambda:TagResource

The policy attached to the user is

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "<SID>",
            "Effect": "Allow",
            "Action": [
                "tag:*",
                "lambda:ListTags",
                "lambda:TagResource",
                "lambda:UntagResource",
                "lambda:GetFunction",
                "lambda:UpdateFunctionCode"
            ],
            "Resource": [
                "<my lambda ARN>"
            ]
        }
    ]
}

Upvotes: 6

Views: 6914

Answers (1)

Dunedan

Reputation: 8435

As noted in the documentation for Lambda API Permissions and AWS Services That Work with IAM, tag-related calls (ListTags, TagResources, UntagResources) can't be restricted to specific resources.

So access for tagging has to be granted for all Lambda functions. To get it working, you'd need to replace <my lambda ARN> in the policy above with *.

Upvotes: 4
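A least-privilege way to apply the answer above, as an added example that is not part of the question or the answer: rather than changing the single statement's Resource to "*" (which would also let the user call UpdateFunctionCode on every function in the account), split the policy so that only the tag actions get "*" and the deploy actions stay scoped to the one function. The region, account id and function name in the ARN are placeholders; the "tag:*" action from the original policy is left out because `aws lambda tag-resource` calls lambda:TagResource, not the Resource Groups Tagging API, and can be added back if other tooling needs it.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "LambdaTaggingMustBeWildcard",
            "Effect": "Allow",
            "Action": [
                "lambda:ListTags",
                "lambda:TagResource",
                "lambda:UntagResource"
            ],
            "Resource": "*"
        },
        {
            "Sid": "DeployOnlyThisFunction",
            "Effect": "Allow",
            "Action": [
                "lambda:GetFunction",
                "lambda:UpdateFunctionCode"
            ],
            "Resource": "arn:aws:lambda:REGION:ACCOUNT_ID:function:FUNCTION_NAME"
        }
    ]
}
```

With this shape the blast radius of a leaked CI credential is limited to tag changes across functions; code updates remain possible only on the function named in the second statement. If the user has other policies attached (or SCPs apply at the organization level), an explicit Deny anywhere in that chain still wins, which is the first thing to check when an Allow like this does not take effect.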
