I have a weird IAM issue where I receive ```xyz is not autho Pulumi Community #aws

I have a weird IAM issue where I receive: ```xyz i...

gifted-student-18589

12/13/2022, 12:36 PM

I have a weird IAM issue where I receive:

Copy code

xyz is not authorized to perform: lambda:GetEventSourceMapping on resource: * because no identity-based policy allows the lambda:GetEventSourceMapping action"

But, my user clearly has these permissions (check sshot). Will all of the Cloudtrail debugging (the above message is from it) and trying different things, I still didn't manage to find what is running this and why wildcard is being used. I'm at a point where I'll just put

Resource: *

but still, just in case, I decided to ask if anybody had a similar experience.

purple-market-1813

12/13/2022, 3:27 PM

@gifted-student-18589 that resource looks odd, shouldn't the resource be a lambda function?

gifted-student-18589

12/13/2022, 3:44 PM

sry on a call, will respond in 15-30mins

gifted-student-18589

12/13/2022, 8:32 PM

from what I can see - no

gifted-student-18589

12/13/2022, 8:32 PM

message has been deleted

gifted-student-18589

12/13/2022, 8:32 PM

message has been deleted

gifted-student-18589

12/13/2022, 8:32 PM

https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslambda.html#awslambda-eventSourceMapping

gifted-student-18589

12/13/2022, 8:33 PM

in the end, I put

, already spent a lot of time on this 😅 we'll see later if it poses an issue 🙂

purple-market-1813

12/13/2022, 8:44 PM

ah, this might clear things up a bit based on actions grouped: https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html#permissions-resources-eventsource

gifted-student-18589

12/13/2022, 8:47 PM

definitely helps, thank you @purple-market-1813! 🙂

Open in Slack

Previous Next