User: arn:aws:sts::****:assumed-role/aws-lambda-execute/**** is not authorized to perform: cognito-idp:AdminInitiateAuth on resource: arn:aws:cognito
Thanks in advace for the help!
I am encountering an error when deploying my frontend nextjs code on vercel, whereas the same code is working correctly on my local machine.
I am using aws lambda and cognito service. lambda already deployed but and its work fine with nextjs local application but when i deploy nextjs app then its gives me the permission issue at the time of login.
AccessDeniedException: User: arn:aws:sts::672624023363:assumed-role/aws-lambda-execute/80a5c4b676c2fd90d3fee4d9b88ff4d1e8f99360429f3df3aa079adeffdecdf0 is not authorized to perform: cognito-idp:AdminInitiateAuth on resource: arn:aws:cognito-idp:us-east-2:6726240
The reason you are getting this issue on Vercel, and not on local is because AWS credentials seems to be missing on Vercel server.
On local machine, you might be having the aws credential profile configured and that profile might be having sufficient permissions to assume the required role.
Solution
Create an IAM user with sufficient permissions, and generate security credentials.
Add following AWS environment variables on your Vercel server where your application is running.
AWS_ACCESS_KEY_ID=<your access key id> AWS_SECRET_ACCESS_KEY=<your access secret key> AWS_DEFAULT_REGION=<aws region>See Vercel docs here learn how to do this.
I also found another blog post explaining the same thing. You may read this as well - How can I use AWS SDK Environment Variables on Vercel?
- Amazon SES cannot find DNS Records for "custom MAIL FROM domain" (after some time)
- How to make inference to a keras model hosted on AWS SageMaker via AWS Lambda function?
- How to deploy a Pre-Trained model using AWS SageMaker Notebook Instance?
- AWS sts assume role in one command
- How to connect AWS Elasticache Redis cluster to Spring Boot app?
- AWS elastic Beanstalk / nginx : connect() failed (111: Connection refused
- AWS ECS exec /usr/local/bin/docker-entrypoint.sh: exec format error
- How can I delete folder on S3 with Node.js?
- Enable caching for url query parameters in aws api gateway with terraform
- AWS IAM role principal vs role session principal
- Setting directory owner and permission with appspec.yml through Amazon Web Service CodeDeploy
- How to update multiple items in a DynamoDB table at once
- https on S3 WITHOUT cloudfront possible?
- How to query Views in Athena in a AWS Glue ETL job
- AWS glue to extract json referenced by id
- Unable to delete AWS VPC Endpoint
- Amazon textextract I can't find trp module
- Can't find AWS Lightsail permissions policy for my IAM user
- How to query dynamoDB based on key + attribute?
- AWS Bedrock RAG - Unable to sync data source in a knowledge base
- How to duplicate a Redshift table schema?
- SpringBoot + AWS cognito, can't resolve issuerUri
- image failed to show when Upload from Lambda
- How to use dynamoose in AWS AppSync JS resolver?
- How message from AWS DLQ gets deleted?
- Template format error: unsupported structure seen in AWS CloudFormation
- AWS InvalidSignatureException, Signature expired when running from docker container
- AWS Glue - o109.pyWriteDynamicFrame. ERROR: relation "xyz" already exists
- AWS - NoCredentialsError: Unable to locate credentials
- Amazon Athena CREATE EXTERNAL TABLE mismatched input 'external' invalidrequestexception