Stephen Smith

Reputation: 352

AWS Lambda Invocation Works w/ Test, but not within call flow

So I have an AWS Lambda set up and it successfully runs when I use the call event object to run it. However, when I run it within a call flow I have going, I get a 403 error. What confuses me about this is why would it be able to enter information into my DynamoDB table when it runs independently of the call flow, but when I run it within the call flow, it doesn't like it? I believe I have all the permissions set up correctly.

This is the IAM policy I have set up for the lambda below.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "dynamodb:*",
                "lambda:*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "logs:CreateLogGroup",
            "Resource": "arn:aws:logs:us-west-2:531698586584:*"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "arn:aws:logs:us-west-2:531698586584:log-group:/aws/lambda/writeMessage:*"
        }
    ]
}

Here is what I'm seeing in CloudWatch:


{
    "Results": "Status Code: 403; Error Code: AccessDeniedException; RequestId: 914f7a33-07d1-42bd-aad4-f6d93a1c624c",
    "ContactId": "676acfe3-d343-40b5-95e3-5ed9587eb962",
    "ContactFlowId": "arn:aws:connect:us-west-2:531698586584:instance/4a077dd8-53c1-4e29-8d49-5ca96f5e81c3/contact-flow/41b20716-4e74-45c5-8d82-eb1222509a02",
    "ContactFlowName": "AWS VanityPhone Contact Flow",
    "ContactFlowModuleType": "InvokeExternalResource",
    "Timestamp": "2021-10-30T22:49:05.317Z",
    "Parameters": {
        "FunctionArn": "arn:aws:lambda:us-west-2:531698586584:function:vanity-phone-lambda",
        "Parameters": {
            "phoneNumber": ".+12154985656"
        },
        "TimeLimit": "3000"
    }
}

Upvotes: 1

Views: 492

Answers (2)

Prateek Agrawal

Reputation: 36

The 'AccessDeniedException' is because the Lambda function is not linked to the contact flow of AWS Connect. The process to add the Lambda function:

  • go to Amazon Connect -> Instances -> select instance alias
  • then on the left-hand panel, select 'contact flows'
  • In there you will see the AWS LAMBDA option. Just add the lambda function you are going to use in the call flow and done!

Upvotes: 2
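
An added example, not code from the question or either answer: the policy in the question is attached to the function's execution role, which governs what the function itself may call, whereas invocation by Amazon Connect is authorised by the function's resource-based policy. The check below reads a policy document of the shape returned by aws lambda get-policy and reports whether connect.amazonaws.com may invoke the function from a given instance. The sample policy, account ID, instance ID and function name are constructed placeholders, and the statement shape is an assumption about what linking a function to a Connect instance produces.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample of a Lambda resource-based policy. The account ID, instance
# ID and function name are placeholders, not values from the question.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "example-connect-invoke",
    "Effect": "Allow",
    "Principal": {"Service": "connect.amazonaws.com"},
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:us-west-2:111122223333:function:example-fn",
    "Condition": {
        "StringEquals": {"AWS:SourceAccount": "111122223333"},
        "ArnLike": {"AWS:SourceArn":
            "arn:aws:connect:us-west-2:111122223333:instance/EXAMPLE-INSTANCE-ID"},
    },
}]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_values(stmt, key):
    """Collect values for a condition key (case-insensitive) across operators."""
    return [v for operands in stmt.get("Condition", {}).values()
            for k, vals in operands.items() if k.lower() == key.lower()
            for v in _as_list(vals)]

def connect_can_invoke(policy_json, instance_arn):
    """Return (allowed, findings). Only Allow statements are examined."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or "connect.amazonaws.com" not in services:
            continue
        if not any(fnmatchcase("lambda:invokefunction", a) for a in actions):
            continue
        sources = _condition_values(stmt, "aws:SourceArn")
        if not sources:
            findings.append("allow is not scoped to a Connect instance (no aws:SourceArn)")
            return True, findings
        if any(fnmatchcase(instance_arn, s) for s in sources):
            return True, findings
        findings.append("allow exists but for a different instance: %s" % sources)
    return False, findings or ["no statement lets connect.amazonaws.com invoke"]
```

A result of (False, ...) for the instance that runs the contact flow is consistent with the AccessDeniedException in the flow log, regardless of what the execution role allows.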

ShengHow95

Reputation: 246

I believe it's your call flow that does not have the right permission to invoke your lambda function. You should probably add this line lambda:InvokeFunction to the IAM Role used by the call flow.

Upvotes: 0
