Is not authorized to perform an operation while I have the full access of an aws service

Question

I have created a simple nodejs script to handle the files in S3, and I want it to be executed on lambda. My admin has added me in IAM with full access to lambda and S3. However, when I select the "S3 execution Role" as my role, AWS banned this operation and gave me an error:

 is not authorized to perform: iam:PutRolePolicy on resource: role s3_exec_role

Why is that? Does this means I also need some other access?

it means while you have access to S3 and lambda you don't have access to IAM for PutRolePolicy - i.e you are trying to modify the IAM role s3_exec_role and access is denied — Sum1sAdmin, May 26 '16 at 11:01
@LingboTang I had the same problem can you explain how you solve it? — Abdul Hameed, Aug 25 '17 at 10:22
@AbdulHameed I think so, I'll give you a brief answer below. — RandomEli, Aug 25 '17 at 15:41

score 1 · Accepted Answer · answered Aug 25 '17 at 15:42

@Sum1sAdmin is correct, you don't have access to change IAM and PutRolePolicy which will have the higher authorization than s3_exec_role, what this error implies is that, you are trying to do an operation add a "role" to myself which need iam:PutRolePolicy as your permission. This is nothing related s3 or lambda. Add it yourself or ask your admin to add this for you, then you should be good to go.

Is not authorized to perform an operation while I have the full access of an aws service

1 Answers1