I created a function that writes to dynamo and is associated with a custom role. When I remove the policy from the role that allows writes to my dynamo table and test the function again, the function is still able to write to the table.
Why does a change to the role not take effect in the lambda function? Is this a bug?
I found that if I modify the description of the function and save it, the function now cannot write to dynamo as originally expected.
Keep in mind that all IAM role and policy management happens in us-east-1, so if you are running in another region it can take a little while for the changes to be replicated to the region you are in.
This isn't an issue with the token refresh. While it's true that a token is not revoked when there is a change, the permissions are always evaluated at the time of the request, not at the time the token was created.
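As an added example (not code from anyone in this thread): since permissions are evaluated per request but a policy change can take a while to replicate, a revocation can be confirmed by polling a real write with the role's credentials until it is denied several times in a row. The boto3 session, the `pk` key name, the function names and the consecutive-denial threshold are assumptions made for illustration.

```python
import time


def dynamodb_write_probe(table_name, session):
    """Return a probe that tries one PutItem with the role's credentials.

    `session` is a boto3 Session that already uses the role under test
    (assumption). The marker item uses a string key named "pk" (assumed schema).
    """
    from botocore.exceptions import ClientError  # lazy import; needs boto3
    client = session.client("dynamodb")

    def probe():
        try:
            client.put_item(TableName=table_name,
                            Item={"pk": {"S": "revocation-probe"}})
            return True  # write still allowed
        except ClientError as err:
            if err.response["Error"]["Code"] == "AccessDeniedException":
                return False  # this request saw the revocation
            raise  # throttling, missing table, etc. do not answer the question
    return probe


def wait_until_denied(probe, consecutive=3, timeout=120.0, interval=2.0,
                      clock=time.monotonic, sleep=time.sleep):
    """Poll until `probe` is denied `consecutive` times in a row.

    Requiring a run of denials is a conservative guard (an assumption) in
    case requests see different states while the change is replicating.
    Returns (revoked, seconds_elapsed, attempts).
    """
    start = clock()
    streak = attempts = 0
    while True:
        attempts += 1
        streak = 0 if probe() else streak + 1
        elapsed = clock() - start
        if streak >= consecutive:
            return True, elapsed, attempts
        if elapsed + interval > timeout:
            return False, elapsed, attempts
        sleep(interval)
```

`clock` and `sleep` are injectable so the polling logic can be exercised without waiting or touching AWS.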