AWS IAM Lambda “is not authorized to perform: lambda:GetFunction”

Question

asked Jul 30, 2019 in AWS by yuvraj (19.1k points)

When I have my IAM Policy for my lambda execution role set to:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "lambda:GetFunction"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        }
    ]
}

I get this error:

[AccessDeniedException: User:
arn:aws:sts::xxx:assumed-role/supercoolsoftware-dev-us-west-2-lambdaRole/supercoolsoftware-dev-addEmail
is not authorized to perform:
lambda:GetFunction on resource:
arn:aws:lambda:us-west-2:xxx:function:supercoolsoftware-dev-dailyEmail]

However, when I set the policy to:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "lambda:*"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        }
    ]
}

The error is gone... What else do I need to add?

1 Answer

kodee · Answer 1 · 2019-07-30T12:27:31+0000

The SDK requires lambda:GetFunctionConfiguration too. It will work if you add it under Action.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "lambda:GetFunction",
                "lambda:GetFunctionConfiguration"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        }
    ]
}

AWS IAM Lambda “is not authorized to perform: lambda:GetFunction”

AWS IAM Lambda “is not authorized to perform: lambda:GetFunction”

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Related questions

Want to get 50% Hike on your Salary?

Browse Categories

Popular Courses

Top Tutorials

Top Articles

Top Interview Questions