In my project I created a Lambda function in Python that, in one method, has to call another Lambda function using boto3. In my main Lambda I create the client like this:

    import json
    import boto3

    client = boto3.client('lambda')

Then I invoke my method in this fashion:

    response = client.invoke(
        FunctionName='arn:aws:lambda:eu-west-1:1577:function:test',
        InvocationType='RequestResponse',
        LogType='None',
        Payload=json.dumps(d)
    )

But when I test my main Lambda, the console returns this error:
An error occurred (AccessDeniedException) when calling the Invoke operation: User
I tried to set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in my environment variables, but when I try to save, it returns this error:
Lambda was unable to configure your environment variables because the environment variables you have provided contains reserved keys that are currently not supported for modification. Reserved keys used in this request: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
How can I set up a call in Lambda using an IAM user?
Thanks in advance
In order to allow the ParentFunction to call the ChildFunction, we need to provide the ParentFunction with specific rights to call another Lambda function. This can be done by adding specific policies to a role and then assigning that role to the Lambda function.
To have your Lambda function assume an IAM role in another AWS account, do the following: Configure your Lambda function's execution role to allow the function to assume an IAM role in another AWS account. Modify your cross-account IAM role's trust policy to allow your Lambda function to assume the role.
Serverless applications usually consist of multiple Lambda functions. Each Lambda function can use only one runtime but you can use multiple runtimes across multiple functions. This enables you to choose the best runtime for the task of the function.
To resolve either error, you must subscribe your Lambda function to the SNS topic from the AWS account where your Lambda function is located. You can do this using either the Lambda console or AWS CLI. 1. On the Functions page of the Lambda console, choose your function. 2. Under Overview, choose Add trigger.
It's important to note that the AccessDeniedException is because the service or user deploying is lacking enough permissions, which is not related to the permissions assigned to the Lambda's role. The IAM role used by my Lambda, role/LambdaExecution-some-lambda, is pretty much the one in the AWS Lambda Developer Guide documentation.
On the Functions page of the Lambda console, choose your function. 2. Under Overview, choose Add trigger. For more information, see Use the function overview. 3. For Trigger configuration, choose Select a trigger, and then choose SNS. 4. For SNS topic, paste the SNS topic Amazon Resource Name (ARN) from the other AWS account. 5.
So to use this method we should first import our AWS-SDK in the function. This is done to provide JavaScript objects for our AWS service. Next, we import our Lambda service and define its region, as shown below. Mine is in Oregon and hence I used "us-west-2".
Instead of using an IAM user, attach the Lambda invoke permission to the existing IAM role attached to your parent Lambda function.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "InvokePermission",
                "Effect": "Allow",
                "Action": [
                    "lambda:InvokeFunction"
                ],
                "Resource": "*"
            }
        ]
    }
Note: You can specify the ARN of the Lambda function that is being invoked for the Resource.
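A least-privilege variant of the policy above, as an added example that is not part of the original answer: it builds the statement scoped to one function ARN, flags policies that grant invoke on a wildcard resource, and attaches the result inline to the parent's execution role with boto3's `put_role_policy`. `CHILD_ARN`, the function names and the policy name are hypothetical placeholders.

```python
import json
from fnmatch import fnmatchcase

# Constructed placeholder ARN (hypothetical account id and function name).
CHILD_ARN = "arn:aws:lambda:eu-west-1:123456789012:function:child-function"

def scoped_invoke_policy(function_arn):
    """Build an identity policy allowing Invoke on exactly one function."""
    parts = function_arn.split(":")
    if (len(parts) < 7 or parts[2] != "lambda" or parts[5] != "function"
            or "*" in function_arn):
        raise ValueError("expected a full Lambda function ARN without wildcards")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "InvokeChildOnly",
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": function_arn,
        }],
    }

def _as_list(value):
    # IAM accepts either a single value or a list in these fields.
    return value if isinstance(value, list) else [value]

def overbroad_invoke_statements(policy):
    """Return Sids of Allow statements granting Invoke on more than one function.
    NotAction and NotResource are not evaluated here."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        grants_invoke = any(
            fnmatchcase("lambda:invokefunction", a.lower())
            for a in _as_list(stmt.get("Action", [])))
        # A "*" anywhere up to and including the function name widens the grant;
        # a trailing ":*" qualifier (versions/aliases of one function) does not.
        wildcard = any(
            "*" in ":".join(r.split(":")[:7])
            for r in _as_list(stmt.get("Resource", [])))
        if grants_invoke and wildcard:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

def attach_to_role(iam_client, role_name, policy, policy_name="InvokeChildFunction"):
    """Attach the policy inline to the parent function's execution role."""
    iam_client.put_role_policy(RoleName=role_name, PolicyName=policy_name,
                               PolicyDocument=json.dumps(policy))
```

Call `attach_to_role(boto3.client("iam"), "<parent-execution-role>", scoped_invoke_policy(CHILD_ARN))` from a principal allowed to edit that role; the parent function itself needs no access keys.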