Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Generated permissions insufficient to deploy to Lambda

See original GitHub issue

When I try to deploy to Lambda from a pipeline with a CloudFormationCreateUpdateStackAction action, the deployment fails due to insufficient permissions.

Reproduction Steps

  1. Follow
  2. Pipeline will fail
  • Error shown is “UPDATE_FAILED Your access has been denied by S3, please make sure your request credentials have permission to GetObject for […]. S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: AWSLambdaInternal; Status Code: 403; Error Code: AccessDeniedException; […])”
  • Further inspection reveals that the KMS key used with the source code bucket doesn’t whitelist the execution role for the Lambda function.


Using the following class instead of CloudFormationCreateUpdateStackAction will grant the required permissions:

class FixedStackAction extends codepipeline_actions.CloudFormationCreateUpdateStackAction {
  bound(scope: any, stage: any, options: any): any {
    const result = super.bound(scope, stage, options);
    options.bucket.grantRead((this as any)._deploymentRole);
    return result;

Suggested fix

Review adding grantRead() to CloudFormationCreateUpdateStackAction as appropriate.

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:11 (5 by maintainers)

github_iconTop GitHub Comments

skinny85commented, Jan 7, 2020

We have a release happening as we speak, please be patient a little while longer!

solsharkcommented, Dec 30, 2019

Looking very much forward.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Cannot access AWS Lambda console with the error saying ...
Now, I need to deploy them on to a different AWS account where my IAM user has an AdministratorAccess permission. I've set up...
Read more >
Troubleshoot Lambda permissions issues - Amazon AWS
The AWS service responsible for invoking the Lambda function doesn't have sufficient permission to invoke the function. A user account doesn't ...
Read more >
Lambda You do not have sufficient permission. Access denied ...
When I try to access Lambda Dashboard/Functions from root account, I get this error: You do not have sufficient permission. Access denied.
Read more >
Configuring Custom AWS IAM Permissions for Lambda ...
The role NewRelicLambdaIntegrationRole created with a CloudFormation ... You Can't Deploy an Application Due to Insufficient IAM Permissions.
Read more >
General Issues - AWS .NET deployment tool
Insufficient IAM Permissions ... Why is this happening: Access to AWS is governed by IAM policies. They are a group of permissions which...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found