AWS lambda set function access policy programmatically

Question

I am trying to set user specific lambda policies using this example. Can someone tell me why this resource specification to access only a single lambda is wrong?

resource = "arn:aws:region:*:*:function:orderinputapi-alpha-writeMe";

when I use:

resource="*"

it works perfectly (the user has full access to all lambdas), but when I try to restrict access to only allow a single lambda function I get "user is not authorized to access the resource" when I try to access it. I confirmed the function is the exact name of the lambda.

The full policy statement being created by my code is:

{ Action: 'execute-api:Invoke',
Effect: 'Allow',
Resource:'arn:aws:region:*:*:function:orderinputapi-alpha-writeMe' }

score 1 · Answer 1 · answered Aug 24 '20 at 22:04

There is an error with your ARN: Instead of arn:aws:region:*:*:function:orderinputapi-alpha-writeMe, it should be arn:aws:lambda:*:*:function:orderinputapi-alpha-writeMe

Also, if you setting the permissions for the same region and account, you can simply drop * so the ARN would be:

arn:aws:lambda:::function:orderinputapi-alpha-writeMe

AWS lambda set function access policy programmatically

1 Answers1