Reputation: 9763
AWS lambda set function access policy programmatically
I am trying to set user specific lambda policies using this example. Can someone tell me why this resource specification to access only a single lambda is wrong?
resource = "arn:aws:region:*:*:function:orderinputapi-alpha-writeMe";
when I use:
resource="*"
it works perfectly (the user has full access to all lambdas), but when I try to restrict access to only allow a single lambda function I get "user is not authorized to access the resource" when I try to access it. I confirmed the function is the exact name of the lambda.
The full policy statement being created by my code is:
{ Action: 'execute-api:Invoke',
Effect: 'Allow',
Resource:'arn:aws:region:*:*:function:orderinputapi-alpha-writeMe' }
Upvotes: 0
Views: 154
Answers (1)
Reputation: 2365
There is an error with your ARN:
Instead of arn:aws:region:*:*:function:orderinputapi-alpha-writeMe, it should be arn:aws:lambda:*:*:function:orderinputapi-alpha-writeMe
Also, if you setting the permissions for the same region and account, you can simply drop * so the ARN would be:
arn:aws:lambda:::function:orderinputapi-alpha-writeMe
Upvotes: 1
Related Questions
- Variable in AWS IAM role to grant permissions to Lambda function
- aws Lambda function access policy
- Giving access to AWS Lambda service with limited policy
- How to call a list of AWS Lambda permissions for a function
- Lambda Policy Permissions: How to set Function Policy for lambda functions from AWS console?
- How to grant full access to just one Lambda function
- Creating a Lambda Function without using PassRole permission
- Lambda Function Serverless permission
- Problems with AWS Lambda function invocation policy with permission via SDK
- How to edit AWS EC2 instance's security groups to allow access to a lambda function only