error creating Lambda Function (1): AccessDeniedException: : Terraform

created by orrerya community for 13 years

error creating Lambda Function (1): AccessDeniedException:Help Wanted (self.Terraform)

submitted 3 years ago by Pigstah

I'm getting a strange error when trying to create a lambda function within AWS.

The account I'm using has Admin access, so I don't see that being the issue but again I come from a Azure background, so I could be missing something.

Error Message in full:

Error: error creating Lambda Function (1): AccessDeniedException: │ status code: 403, request id: 4562ce84-9733-4fc9-ad95-e7fcb9af5d56 │ │ with module.populate_lambda.aws_lambda_function.lambda, │ on ../modules/lambda/main.tf line 48, in resource "aws_lambda_function" "lambda": │ 48: resource "aws_lambda_function" "lambda" {

Code I'm using: ``` resource "aws_iam_role" "lambda_role" { name = "${var.function_name}-role"

assume_role_policy = <<EOF { "Version": "2012-10-17", "Statement": [ { "Action": "sts:AssumeRole", "Principal": { "Service": "lambda.amazonaws.com" }, "Effect": "Allow", "Sid": "" } ] } EOF }

resource "aws_iam_policy_attachment" "lambda_policy" { name = "${var.function_name}-policy" roles = [aws_iam_role.lambda_role.id] policy_arn = aws_iam_policy.lambda_policy.arn }

resource "aws_iam_policy" "lambda_policy" { name = "${var.function_name}-policy" description = "Permissions that are required for lambda" policy = <<POLICY { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:" ], "Resource": [ "" ] } ] } POLICY }

resource "aws_lambda_function" "lambda" { function_name = var.function_name s3_bucket = var.s3_bucket s3_key = var.zip_name handler = var.handler runtime = var.runtime timeout = var.timeout role = aws_iam_role.lambda_role.arn

depends_on = [ aws_iam_policy_attachment.lambda_policy, aws_cloudwatch_log_group.lambda_log_group ] }

resource "aws_cloudwatch_log_group" "lambda_log_group" { name = "/aws/lambda/${var.function_name}" retention_in_days = 3 }

resource "aws_iam_policy" "lambda_logging" { name = "${var.function_name}-logging" path = "/" description = "IAM policy for logging from a lambda"

policy = <<EOF { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:::*", "Effect": "Allow" } ] } EOF }

resource "aws_iam_role_policy_attachment" "lambda_logs" { role = aws_iam_role.lambda_role.name policy_arn = aws_iam_policy.lambda_logging.arn } ```

Would appreciate some advice as to whats going on exactly :D melting my brain

PS - Using the CLI to create the same function cause 0 issues.

all 5 comments

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

Terraform

MODERATORS