
We have a pair of existing AWS Lambda functions that read/write from a DynamoDB table. I created a new function and table; the function is very basic, just does a putItem on the DynamoDB table. I can successfully invoke it with the test functionality in Lambda.
However, if I invoke the Lambda function using the FunctionURL or via API Gateway, I get the following error.
Logs

Yet in Configuration > Permissions in the Lambda interface I clearly see the permission:
Lambda Config

Suggestions where to check next? Comparison to our existing, working functions hasn’t revealed anything; everything I have checked is configured the same.

Thanks!

2 Answers


  1. What you could optionally check is that API Gateway is authorized to call your new Lambda. If so, then the Resource-based policy of the Lambda (still in the Permissions tab) should have something similar to:

    Resource-based policy example:


  2. When you invoke the Lambda function in the Lambda console, Lambda is using an execution role.

    When you invoke the Lambda function via API Gateway or via the function URL, it is likely that you are using IAM authorization. As a result, Lambda is using the role of the principal who invoked the function (in this case, PatientWellnessDeregistration-role-3ospc0u3).

    The execution role is configured correctly, but the IAM role of the principal is lacking the required permissions.

    Further reading:

    https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html
    https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html

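The resource-based policy check described in the first answer, as an added example that is not part of the original answers: it reads the JSON that `aws lambda get-policy` returns and lists which statements let API Gateway invoke the function, and whether each is scoped by a source ARN. The sample policy, account ID, ARNs and the helper name `invoke_grants` are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws lambda get-policy` output: the "Policy"
# field is itself a JSON-encoded string. All ARNs are placeholders.
SAMPLE_GET_POLICY_OUTPUT = json.dumps({
    "Policy": json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "constructed-apigw-invoke",
        "Effect": "Allow",
        "Principal": {"Service": "apigateway.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example-fn",
        "Condition": {"ArnLike": {"AWS:SourceArn":
            "arn:aws:execute-api:us-east-1:111122223333:abc123/*/POST/items"}},
    }]}),
    "RevisionId": "constructed",
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def invoke_grants(get_policy_output, service="apigateway.amazonaws.com"):
    """Return (sid, source_arn_or_None) for each Allow statement that lets
    `service` call lambda:InvokeFunction on the function."""
    policy = json.loads(json.loads(get_policy_output)["Policy"])
    grants = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or service not in services:
            continue
        if not any(a in ("lambda:InvokeFunction", "lambda:*", "*") for a in actions):
            continue
        # Condition key names are case-insensitive; look for aws:SourceArn.
        source_arn = None
        for keys in stmt.get("Condition", {}).values():
            for key, val in keys.items():
                if key.lower() == "aws:sourcearn":
                    source_arn = val
        grants.append((stmt.get("Sid"), source_arn))
    return grants

if __name__ == "__main__":
    for sid, arn in invoke_grants(SAMPLE_GET_POLICY_OUTPUT):
        scope = arn or "ANY caller of that service (no SourceArn condition)"
        print(f"{sid}: apigateway may invoke, scoped to {scope}")
```

An empty result means no statement authorizes API Gateway; a grant with no source ARN means the permission is not restricted to a specific API.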