Hello all. I am trying to deploy a lambda (A) and inside that lambda invoke another already existing lambda (B). When I invoke A, and check A's logs, it tells me that the user used to deploy the lambdas (as in the Pulumi provider) is not authorized to perform: lambda:InvokeFunction on resource: B. I am wondering why it is trying to use the Pulumi user to invoke B instead of the role that it has configured already on A. No permissions that I add on A's role seem to do anything. The lambda seems determined to try and use the Pulumi provider user to invoke. Anyone encounter this?
For those wondering, I was attempting to use the invoke method on an aws.sdk.Lambda service object, but the problem was that I was instantiating this outside of the lambda in the pulumi code, hence it was using a service object constructed by the provider user. Moving the call to instantiate inside of the lambda fixed this.