I have a weird IAM issue where I receive:

xyz is not authorized to perform: lambda:GetEventSourceMapping on resource: * because no identity-based policy allows the lambda:GetEventSourceMapping action"

But, my user clearly has these permissions (check sshot). Will all of the Cloudtrail debugging (the above message is from it) and trying different things, I still didn't manage to find what is running this and why wildcard is being used. I'm at a point where I'll just put

Resource: *

but still, just in case, I decided to ask if anybody had a similar experience.

@gifted-student-18589 that resource looks odd, shouldn't the resource be a lambda function?

sry on a call, will respond in 15-30mins

ah, this might clear things up a bit based on actions grouped: https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html#permissions-resources-eventsource

definitely helps, thank you @purple-market-1813! 🙂