AWS: Lambda cannot read AWS PS parameters
I have AWS Lambda NET6 function and AWS PS parameters: RDS Connection string Swagger enabled Cognito Authority
When I run it locally (LocalEntryPoint) and read parameters - it works fine. When run the Lambda from AWS it cannot read PS and gives me an error:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> Amazon.SimpleSystemsManagement.AmazonSimpleSystemsManagementException: User: arn:aws:sts::074xxxxxxx:assumed-role/pm2supplier-stack-AspNetCoreFunctionRole-13TO039VZBQ7Y/pm2suppliers is not authorized to perform: ssm:GetParametersByPath on resource: arn:aws:ssm:eu-west-2:074xxxxxxxxx:parameter/PM2AWSLambda/ because no identity-based policy allows the ssm:GetParametersByPath action
How to fix it?
You need to add permission to the Lambda execution role to allow making read calls to the SSM service.
- In the AWS Management Console, go to IAM > Roles > Select your role > In the navigation pane, choose Roles > In the list, choose the name of your AWS lambda role OR To view the function's execution role, Open the Functions page of the Lambda console > Choose the name of a function > Choose Configuration Tab, and then choose Permissions > Here you can find the IAM link for your lambda Execution role and also Under Resource summary, you can review the services and resources that the function can access.
- Now Choose the Permissions tab in the IAM management console.
- Choose Add permissions > Attach policies and then search for AmazonSSMReadOnlyAccess managed policy and checkbox and add it.
Hope this helps.
- Terraform version error when deploying to AWS through jenkins?
- How do I add python libraries to an AWS lambda function for Alexa?
- How do I consume json logs inside Fargate using CDK?
- how to view aws log real time (like tail -f)
- AWS Simple AD create Directory User for AWS WorkSpaces via CLI or CloudFormation
- AWS SSO/AWS Opensearch SAML integration
- Amazon S3 - How to fix 'The request signature we calculated does not match the signature' error?
- Huge difference in CDN invocations vs lambda invocations
- BigQuery Transfer Service does not copy rows from S3
- Textract cannot read object from S3 when running on Lambda
- Can't access external MongoDB Atlas database from Elastic Beanstalk's EC2 instance
- How to disable application logs for EKS Cloudwatch Observability addon and other configurations
- Lambda layer's contents don’t match the S3 object after deploying with Terraform
- Why is a web server (i.e Nginx) REQUIRED for FastAPI but not Express API?
- How to disable an AWS region?
- AWS: Make a resource (e.g. a lambda) public in production but private in development
- How can I set permissions to a specific folder with Elastic Beanstalk using a C# ASP.NET Core app?
- Defining a serverless Aurora database in cloudformation
- AWS Launch Configuration error: The requested configuration is currently not supported
- how to refer to resources created with for_each in terraform
- Visual Studio 2022: AWS Toolkit broken, won't let me reinstall
- AWS role vs iam credential in duckdb HTTPFS call
- AWS BATCH - how to run more concurrent jobs
- Does an AWS routing table only affect outbound traffic?
- Weird ("too smart") Route 53 wildcard behavior
- bash script for AWS assume-role
- How do I translate an AWS S3 url into a bucket name for boto?
- Github actions Configure AWS credentials Error: The security token included in the request is invalid
- AWS API Gateway / AWS Network Load Balancer: request ends in 500 InternalServerErrorException, How to specify the port to forward to?
- AWS CLI - Saving the full output as a log file