Error publishing ASP.NET Core Web API to AWS Serverless Lambda: 'AWSLambdaFullAccess' at 'policyArn' ... Member must have length greater than

Question

For over a year I have been able to publish a ASP.NET Core Web API application using Visual Studio 2019 by selecting "Publish to AWS Lambda..." without incident (via a right click on the project). Until yesterday. Now it consistently fails to publish and rolls back.

The following two reasons are given as to why it has failed.

1. 1 validation error detected: Value 'AWSLambdaFullAccess' at 'policyArn' failed to satisfy constraint: Member must have length greater than or equal to 20 (Service: AmazonIdentityManagement; Status Code: 400; Error Code: ValidationError; Request ID: ...; Proxy: null)

2. The following resource(s) failed to create: [AspNetCoreFunctionRole, Bucket]. Rollback requested by user.

I have looked at AWSLambdaFullAccess and AWSLambda_FullAccess and the other things and just have no model to follow or even know what it is referring to in any sense where I can imagine a fruitful path to proceed. What exactly is the "Member" it is referring to? Extensive research has yielded nothing of use.

I want to successfully publish my Web API. What can I look into to proceed?

Answer 1

This may not be the correct or ideal solution, I tried this approach and it worked

Step 1:

Changed the Access from "AWSLambdaFullAccess" to "AWSLambda_FullAccess" in serverless.template

"Resources": {
"AspNetCoreFunction": {
  "Type": "AWS::Serverless::Function",
  "Properties": {
    "Handler": "SampleAPI::SampleAPI.LambdaEntryPoint::FunctionHandlerAsync",
    "Runtime": "dotnetcore3.1",
    "CodeUri": "",
    "MemorySize": 256,
    "Timeout": 30,
    "Role": null,
    "Policies": [
      "AWSLambda_FullAccess"
    ],
    "Environment": {
      "Variables": {
        "AppS3Bucket": {

Lambda publishing was successful after this step.

Step 2:

Then I faced an issue in accessing the DynamoDb table. I went to IAM role added the DynamoDb Execution role. (Previously I don't remember adding this role explicitly)

Answer 2

According to https://docs.aws.amazon.com/lambda/latest/dg/access-control-identity-based.html the AWSLambdaFullAccess policy has just been deprecated and as a result my stack which I tried to update was stuck in UPDATE_ROLLBACK_FAILED.

To fix this I had to take the following steps:

1. Manually continue the rollback of the stack from the CloudFormation page and ensuring that I was skipping the role which was referencing AWSLambdaFullAccess.
2. Change my AWSLambdaFullAccess reference to AWSLambda_FullAccess in the CloudFormation template
3. Update the stack using my newly updated CloudFormation template

Hope this is able to help someone!