aws-cloudformation aws-amplify aws-appsync

AWS CloudFormation permission allowing a Lambda to invoke another Lambda in an Amplify AppSync app


I keep getting this error no matter what CloudFormation template permission I think of trying.

Error invoking another lambda: failed to invoke function arn:aws:lambda:us-east-1::function:: operation error Lambda: Invoke, https response error StatusCode: 403, api error AccessDeniedException: User: arn:aws:sts:::assumed-role// is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-east-1::function: because no identity-based policy allows the lambda:InvokeFunction action

I tried adding this resource-based policy to the CloudFormation template:

"InvokeLambdaFunction": {
  "DependsOn": [
    "LambdaFunction"
  ],
  "Type": "AWS::Lambda::Permission",
  "Properties": {
    "Action": "lambda:InvokeFunction",
    "FunctionName": {
      "Fn::Sub": "FunctionToCall-${env}"
    },
    "Principal": "lambda.amazonaws.com",
    "SourceArn": {
      "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:InvokerFunction-${env}"
    }
  }
}

How is this wrong or what more do I need to do to enable this?


Solution

  • I just learned that amplify update function added invoke privileges to the relevant lambda for me, so I didn't have to manually mess with the templates at all.
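
The error message names a missing identity-based policy, which is a grant attached to the invoking function's execution role. As an added example (not from the original post and not Amplify's generated template), such a grant could look like this in the invoker's template, assuming its role has the logical ID LambdaExecutionRole and the template defines the env parameter used in the question; the policy's logical ID and PolicyName are hypothetical:

```json
{
  "InvokeFunctionToCallPolicy": {
    "Type": "AWS::IAM::Policy",
    "Metadata": {
      "Comment": "Added example. LambdaExecutionRole is an assumed logical ID for the invoking function's execution role."
    },
    "Properties": {
      "PolicyName": "invoke-function-to-call",
      "Roles": [
        { "Ref": "LambdaExecutionRole" }
      ],
      "PolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": {
              "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:FunctionToCall-${env}"
            }
          }
        ]
      }
    }
  }
}
```

The Resource is scoped to the one target function ARN, so the role cannot invoke other functions in the account.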