User: arn:aws:sts::****:assumed-role/aws-lambda-execute/**** is not authorized to perform: cognito-idp:AdminInitiateAuth on resource: arn:aws:cognito
Thanks in advace for the help!
I am encountering an error when deploying my frontend nextjs code on vercel, whereas the same code is working correctly on my local machine.
I am using aws lambda and cognito service. lambda already deployed but and its work fine with nextjs local application but when i deploy nextjs app then its gives me the permission issue at the time of login.
AccessDeniedException: User: arn:aws:sts::672624023363:assumed-role/aws-lambda-execute/80a5c4b676c2fd90d3fee4d9b88ff4d1e8f99360429f3df3aa079adeffdecdf0 is not authorized to perform: cognito-idp:AdminInitiateAuth on resource: arn:aws:cognito-idp:us-east-2:6726240
The reason you are getting this issue on Vercel, and not on local is because AWS credentials seems to be missing on Vercel server.
On local machine, you might be having the aws credential profile configured and that profile might be having sufficient permissions to assume the required role.
Solution
Create an IAM user with sufficient permissions, and generate security credentials.
Add following AWS environment variables on your Vercel server where your application is running.
AWS_ACCESS_KEY_ID=<your access key id> AWS_SECRET_ACCESS_KEY=<your access secret key> AWS_DEFAULT_REGION=<aws region>See Vercel docs here learn how to do this.
I also found another blog post explaining the same thing. You may read this as well - How can I use AWS SDK Environment Variables on Vercel?
- AWS CLI Create Default VPC
- Email address is not verified (AWS SES)
- RDS Proxy: PENDING_PROXY_CAPACITY and "DBProxy Target unavailable due to an internal error"
- mTLS on AWS ALBs across multiple regions
- How to debug a aws lambda function?
- AWS SAM retrieve secret value from Secret Manager with dynamic referencing
- Cloudfront redirect when signed cookies not present
- Is there a wildcard character in AWS EventBridge rules?
- Laravel file upload s3 Multipart
- Increase EC2 disk storage without losing any data
- AWS Lambda triggers SES in VPC
- Setting HTTP Headers with Lambda@Edge
- How to find an Amazon EC2 AMI if I only have the id?
- AWS Lambda - Can't set memory larger than 3008 MB
- Which one is the cheapest to use AWS RDS or my own database?
- AWS Glue Please verify role's TrustPolicy
- How to create event bus events with source 'aws.'?
- Terraform and AWS: No Configuration Files Found Error
- How to transfer the packets through NAT gateway instead of public IP?
- Is Aws well architected framework supports API's?
- Can't delete AWS internet Gateway
- Unable to Trigger Lambda function in AWS using Python code from my local setup
- How to login with AWS CLI using credentials profiles
- How to retrieve multiple endpoints using data "aws_vpc_endpoint" resource?
- When pushing to ECS, Docker image errors out with module not found error
- Is there a way to drop file extensions when using AWS CLI with --recursive?
- On-demand self-hosted AWS EC2 runner for GitHub Actions
- How to manage dev and prod environments in a SAM project with CloudFormation Stacks, API Gateway, Lambda, and other AWS services?
- EC2 Instance error telling me multiple IAM Roles are attached when I try to change it...?
- (NoSuchVersion) when calling the GetObject operation: The specified version does not exist