
AWS Lambda role doesn't update when policy is removed

I created a function that writes to dynamo and is associated with a custom role. When I remove the policy from the role that allows writes to my dynamo table and test the function again, the function is still able to write to the table.

Why does a change to the role not take effect in the lambda function? Is this a bug?

I found that if I modify the description of the function and save it, the function now cannot write to dynamo as originally expected.

asked Sep 14 '17 05:09

Dan Kowalczyk


1 Answer

Keep in mind that all IAM role and policy management happens in us-east-1, so if you are running in another region it can take a little while for the changes to be replicated to the region you are in.

This isn't an issue with the token refresh. While it's true that a token is not revoked when there is a change, the permissions are always evaluated at the time of the request, not at the time the token was created.

answered Oct 15 '22 10:10

Jason Wadsworth
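
One way to confirm that a revoked permission has actually taken effect, given the propagation delay described in the answer above. This is an added example, not part of the original question or answer: `probe` is a hypothetical caller-supplied function that performs the revoked request with the role's credentials, and requiring several consecutive denials is a conservative assumption, not documented AWS behaviour.

```python
import time

# Error codes AWS services return when IAM denies a request.
DENIED_CODES = {"AccessDenied", "AccessDeniedException", "UnauthorizedOperation"}


def is_access_denied(exc):
    """True if exc looks like a botocore ClientError carrying an IAM denial."""
    response = getattr(exc, "response", None) or {}
    return response.get("Error", {}).get("Code") in DENIED_CODES


def wait_until_denied(probe, timeout=120.0, interval=5.0, confirmations=3,
                      sleep=time.sleep, clock=time.monotonic):
    """Call probe() until it is denied `confirmations` times in a row.

    probe (hypothetical, supplied by the caller) performs the revoked action
    as the role, e.g. a put_item on the table, and raises the ClientError.
    Returns the seconds elapsed when the denial was confirmed, or None if the
    timeout expired while the request was still being allowed.
    """
    start = clock()
    streak = 0
    while True:
        try:
            probe()
            streak = 0  # still allowed: the change is not visible here yet
        except Exception as exc:
            if not is_access_denied(exc):
                raise  # unrelated failure, never count it as a denial
            streak += 1
            if streak >= confirmations:
                return clock() - start
        if clock() - start >= timeout:
            return None
        sleep(interval)
```

A `None` result means the request was still being allowed when the timeout expired, so the revocation should not yet be relied on.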