Amplify Backend gives error The user does not have permissions to create triggers - amazon-web-services

Hi, I get this error when I try to create an Amplify Backend.
It seems to be related to not being able to create Lambda functions:
aws lambda --profile haniq-main create-function --function-name my-function --zip-file fileb://function.zip --handler index.handler --runtime nodejs18.x --role arn:aws:iam::640766513655:role/lambda-ex
An error occurred (AccessDeniedException) when calling the CreateFunction operation: None

Well my account was blocked internally :)

Related

AWS - LAMBDA - CLI - update-function-code - not reachable in this region

When I try to trigger the update-function-code through the Command line, I'm getting an error "not reachable in this region".
I believe that my current config profile being in the eu-west-2 region is conflicting with the function deployment to us-east-1. Without having to change my profile and/or region, what is the best way to allow my user to access/write to this region's Lambda function?
aws lambda update-function-code \
--function-name arn:aws:lambda:us-east-1:xxxxxxxx:function:xxxxxx \
--zip-file fileb://lambda_bundle.zip
ERROR:
An error occurred (ResourceNotFoundException) when calling the UpdateFunctionCode operation: Functions from 'us-east-1' are not reachable in this region ('eu-west-2')
Usually you would just add --region to your command:
aws lambda update-function-code \
--function-name arn:aws:lambda:us-east-1:xxxxxxxx:function:xxxxxx \
--zip-file fileb://lambda_bundle.zip \
--region us-east-1

How can I view cloudwatch permission?

I use this command to add invoke lambda permission on cloudwatch:
aws lambda add-permission --function-name lambdaName \
--statement-id test --action lambda:InvokeFunction \
--principal logs.ap-southeast-2.amazonaws.com
What I don't understand is how I can view this permission in the AWS console. I tried to look at CloudWatch but couldn't find anything about permissions. And how can I convert it to CloudFormation?
In console, you have to go to Permissions and look at Resource-based policy:
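The same resource-based policy can be read from the CLI with `aws lambda get-policy --function-name lambdaName`, which returns it as a JSON string. As an added example (not part of the original answer), the Python below parses such output and flags service principals granted without a SourceArn or SourceAccount condition, which is what the add-permission command in the question produces; the account ID, log group and policy document are constructed sample values.

```python
import json

# Constructed sample of `aws lambda get-policy` output (placeholder account ID).
# The "Policy" field is itself a JSON-encoded string.
FUNCTION_ARN = "arn:aws:lambda:ap-southeast-2:111122223333:function:lambdaName"
SAMPLE_GET_POLICY = json.dumps({
    "Policy": json.dumps({
        "Version": "2012-10-17",
        "Id": "default",
        "Statement": [
            {   # what the add-permission command in the question creates
                "Sid": "test",
                "Effect": "Allow",
                "Principal": {"Service": "logs.ap-southeast-2.amazonaws.com"},
                "Action": "lambda:InvokeFunction",
                "Resource": FUNCTION_ARN,
            },
            {   # same grant, restricted to one log group with --source-arn
                "Sid": "test-scoped",
                "Effect": "Allow",
                "Principal": {"Service": "logs.ap-southeast-2.amazonaws.com"},
                "Action": "lambda:InvokeFunction",
                "Resource": FUNCTION_ARN,
                "Condition": {"ArnLike": {"AWS:SourceArn":
                    "arn:aws:logs:ap-southeast-2:111122223333:log-group:example:*"}},
            },
        ],
    }),
    "RevisionId": "constructed-revision-id",
})

SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount"}

def unscoped_service_grants(get_policy_output):
    """Return Sids of Allow statements for a service principal with no source condition."""
    policy = json.loads(json.loads(get_policy_output)["Policy"])
    statements = policy["Statement"]
    if isinstance(statements, dict):      # a single statement may not be wrapped in a list
        statements = [statements]
    findings = []
    for stmt in statements:
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if "Service" not in principal:
            continue
        # Condition keys are case-insensitive, so compare in lower case.
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if not keys & SCOPING_KEYS:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

if __name__ == "__main__":
    print(unscoped_service_grants(SAMPLE_GET_POLICY))
```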

Which policy to grant to IAM user to create lambda deployment package in Python?

I want to create a Lambda deployment package in Python (with dependencies) using the Amazon tutorial.
When I push the .zip package with
aws lambda update-function-code --function-name my-function --zip-file fileb://function.zip
I get the following error
An error occurred (AccessDeniedException) when calling the UpdateFunctionCode operation:
User: arn:aws:iam::<ACCOUNT-ID>:user/jeanclaude is not authorized to perform: lambda:UpdateFunctionCode
on resource: arn:aws:lambda:eu-west-3:<ACCOUNT-ID>:function:my-function
Which policy should I grant to jeanclaude to give him the correct access?
The User created in AWS IAM which is configured with your AWS CLI using access_key and secret_key should have enough privileges to interact with AWS Lambda.
I would prefer the AWSLambdaFullAccess policy attached to your User/Role. This is just for testing purposes and later you can reduce the privileges if you want.
Once you have done the above, then if you run the command
aws lambda update-function-code --function-name "helloworld" --zip-file "fileb://./helloworld.zip" --region "eu-west-2"
it should work. Note that for update-function-code the mandatory field is just --function-name; other fields are optional (aws cli update-function-code).
Also, please take note of the create-function command: it has just the following fields as mandatory and all others are optional (aws cli docs):
create-function
--function-name <value>
--runtime <value>
--role <value>
--handler <value>
The --role here is the role required by the Lambda while executing to interact with other services (not to be confused with the user above).
The user needs permission to UpdateFunctionCode for that ARN. More specific information is here.
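As an added example (not from the original answers), this Python helper turns the AccessDeniedException text from the question into an identity policy that allows only the denied action on the named function ARN. The account ID 111122223333 is a constructed stand-in for the <ACCOUNT-ID> placeholder, and the function and Sid names are hypothetical.

```python
import json
import re

# Error text from the question; 111122223333 is a constructed stand-in for <ACCOUNT-ID>.
SAMPLE_ERROR = """An error occurred (AccessDeniedException) when calling the UpdateFunctionCode operation:
User: arn:aws:iam::111122223333:user/jeanclaude is not authorized to perform: lambda:UpdateFunctionCode
on resource: arn:aws:lambda:eu-west-3:111122223333:function:my-function"""

DENIED = re.compile(
    r"User: (?P<principal>arn:aws:\S+) is not authorized to perform: "
    r"(?P<action>[A-Za-z0-9-]+:[A-Za-z0-9*]+) on resource: (?P<resource>arn:aws:\S+)"
)

def policy_from_denial(message):
    """Return (principal ARN, policy dict) granting only the denied action on the denied resource."""
    match = DENIED.search(" ".join(message.split()))  # tolerate line-wrapped CLI output
    if match is None:
        raise ValueError("no principal/action/resource found in message")
    action = match["action"]
    resource = match["resource"].rstrip(".")
    # Never widen the grant beyond the single call that was denied.
    if "*" in action or "*" in resource:
        raise ValueError("refusing to generate a wildcard grant")
    policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowDeniedActionOnly",
            "Effect": "Allow",
            "Action": action,
            "Resource": resource,
        }],
    }
    return match["principal"], policy

if __name__ == "__main__":
    who, doc = policy_from_denial(SAMPLE_ERROR)
    print("attach to:", who)
    print(json.dumps(doc, indent=2))
```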

How to upload aws lambda layer deployment package to s3 bucket using aws cli?

I am trying to upload an AWS Lambda layer deployment package to an S3 bucket using the AWS CLI (since it's more than 50 megs). Here is my command:
aws lambda publish-layer-version --layer-name "layer name" --description "Layer description" --content S3Bucket="s3-name/location",S3Key="package.zip",S3ObjectVersion="1" --license-info "MIT" --compatible-runtimes "nodejs8.10" --zip-file "fileb:////tmp/package.zip"
I am just not sure about the --content part where I am specifying S3Bucket, S3Key and S3ObjectVersion. N.B. it works perfectly without --content.
With the above code, I get the following error message:
An error occurred (InvalidParameterValueException) when calling the PublishLayerVersion operation: Please do not provide other FunctionCode parameters when providing a ZipFile.
You can try and create a json file, let's say "myJson.json"
and put inside:
{
"S3Bucket": "s3-name",
"S3Key": "location/package.zip",
"S3ObjectVersion": "1"
}
then call it like this:
aws lambda publish-layer-version --layer-name "layer name" --description "Layer description" --content file://myJson.json --license-info "MIT" --compatible-runtimes "nodejs8.10" --zip-file file://tmp/package.zip
Please be aware you should execute the command where you created "myJson.json" (so move over to its location with the "cd" command).
By the way, this:
--zip-file "file:////tmp/package.zip"
can be replaced by
--zip-file file://tmp/package.zip
Hope this helps

Not able to create a lambda function through AWS command

I am trying to create a Lambda function through the AWS command. When I execute the command below, it gives me the Unknown options error.
AWS Command:
aws lambda create-function --function-name function_name ukmon-appd-disabled-health-rules \
--runtime python3.7 --zip-file fileb://bin/disabled_health_rules.zip \
--handler index.handler --timeout 10 --memory-size 1024 \
--role arn:aws:iam::99999999999:role/crossaccount
Error:
Unknown options: ukmon-appd-disabled-health-rules
I've tried with different names. I am not able to understand what that error means. Thanks in advance.
Remove the function_name. It is being recognized as the value to the parameter --function-name instead of the ukmon-appd-disabled-health-rules.
You have the argument function-name written twice. Just remove one like this
aws lambda create-function --function-name ukmon-appd-disabled-health-rules \
--runtime python3.7 --zip-file fileb://bin/disabled_health_rules.zip \
--handler index.handler --timeout 10 --memory-size 1024 \
--role arn:aws:iam::99999999999:role/crossaccount