Amazon-web-services – AWS IAM Lambda “is not authorized to perform: lambda:GetFunction”

amazon-iam, amazon-web-services, aws-lambda

When I have my IAM Policy for my lambda execution role set to:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "lambda:GetFunction"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        }
    ]
}

I get this error:

[AccessDeniedException: User: arn:aws:sts::xxx:assumed-role/supercoolsoftware-dev-us-west-2-lambdaRole/supercoolsoftware-dev-addEmail is not authorized to perform: lambda:GetFunction on resource: arn:aws:lambda:us-west-2:xxx:function:supercoolsoftware-dev-dailyEmail]

However, when I set the policy to:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "lambda:*"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        }
    ]
}

The error is gone… What else do I need to add?

Best Solution

Figured it out. Apparently the SDK uses "lambda:GetFunctionConfiguration" as well. Once I included that it all worked.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "lambda:GetFunction",
                "lambda:GetFunctionConfiguration"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        }
    ]
}
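
An added example (not part of the original question or answer): a simplified IAM identity-policy evaluator that replays the three policies above against the two actions the answer names, reporting which required action each policy misses and which grants are wildcards. The evaluator, the `SCOPED` policy and all function names are constructed for illustration; conditions, `NotAction` and `NotResource` are not modelled.

```python
import re

# Policies from the page; only the Action list differs between them.
def policy(actions, resource="*"):
    return {"Version": "2012-10-17",
            "Statement": [{"Action": actions, "Resource": [resource], "Effect": "Allow"}]}

FUNCTION_ARN = "arn:aws:lambda:us-west-2:xxx:function:supercoolsoftware-dev-dailyEmail"
REQUIRED = ["lambda:GetFunction", "lambda:GetFunctionConfiguration"]  # per the answer
QUESTION = policy(["lambda:GetFunction"])
BROAD = policy(["lambda:*"])
ANSWER = policy(REQUIRED)
SCOPED = policy(REQUIRED, FUNCTION_ARN)  # constructed: answer's actions, one function only

def _as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one character.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def is_allowed(doc, action, resource):
    """Explicit Deny wins; otherwise any matching Allow grants; default is deny."""
    allowed = False
    for stmt in _as_list(doc["Statement"]):
        if "Action" not in stmt or "Resource" not in stmt:
            continue  # NotAction / NotResource are not modelled here
        hit = (any(_matches(p, action, True) for p in _as_list(stmt["Action"]))
               and any(_matches(p, resource) for p in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed

def missing_actions(doc, required, resource):
    return [a for a in required if not is_allowed(doc, a, resource)]

def wildcard_grants(doc):
    """Allow-statement action patterns that grant more than one named action."""
    return [p for s in _as_list(doc["Statement"]) if s.get("Effect") == "Allow"
            for p in _as_list(s.get("Action", [])) if "*" in p or "?" in p]

if __name__ == "__main__":
    for name, doc in [("question", QUESTION), ("lambda:*", BROAD),
                      ("answer", ANSWER), ("scoped", SCOPED)]:
        print(name, "missing:", missing_actions(doc, REQUIRED, FUNCTION_ARN),
              "wildcards:", wildcard_grants(doc))
```

The `lambda:*` policy passes only because the wildcard covers the second action; the answer's policy passes with no wildcard in the action list, and `SCOPED` additionally limits it to the one function ARN from the error message.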