I'm trying to execute aws sam local invoke command in order to test my function locally. The problem occurs when I run this command passing profile parameter. The execution container sets account id as a dummy account like 123456789012
Does anybody knows If there is any thing cached here? When I deploy my project using sam deploy --guided everything runs perfect and code is uploaded to AWS
my ~/.aws/config and ~/.aws/credentials files are filled
credentials
[adm]
aws_access_key_id=XXXXXXXXXXXXXx
aws_secret_access_key=XXXXXXXXXXXXXXXXXX
config
[adm]
region = eu-west-1
output = json
➜ POC sam local invoke "ScheduleBusinessRuleFunction" --profile adm
Invoking scheduleBusinessRule (go1.x)
Skip pulling image and use local one: amazon/aws-sam-cli-emulation-image-go1.x:rapid-1.18.1.
Mounting /run/media/urkob/projects/Projects/POC/.aws-sam/build/ScheduleBusinessRuleFunction as /var/task:ro,delegated inside runtime container
START RequestId: bc99de19-290b-46fa-908a-744d54547cbe Version: $LATEST
operation error CloudWatch Events: PutTargets, https response error StatusCode: 400, RequestID: 8e335486-de38-49bb-a06e-8090e26e9628, api error AccessDeniedException: Access to the resource arn:aws:lambda:us-east-1:123456789012:function:POC-executeBusinessRule is denied. Reason: Adding cross-account target is not permitted.: OperationError
null
END RequestId: bc99de19-290b-46fa-908a-744d54547cbe
REPORT RequestId: bc99de19-290b-46fa-908a-744d54547cbe Init Duration: 0.14 ms Duration: 1415.60 ms Billed Duration: 1500 ms Memory Size: 128 MB Max Memory Used: 128 MB
{"errorMessage":"operation error CloudWatch Events: PutTargets, https response error StatusCode: 400, RequestID: 8e335486-de38-49bb-a06e-8090e26e9628, api error AccessDeniedException: Access to the resource arn:aws:lambda:us-east-1:123456789012:function:POC-executeBusinessRule is denied. Reason: Adding cross-account target is not permitted.","errorType":"OperationError"}%
➜ POC
UPDATED: 21/02/16 I've been searching what could be the problem. I'm using aws-sdk-go-v2 the example they exposed in ther official github documentation to get an instance of configuration:
I tryied two ways of getting config instance as you can see in this piece of code, the line commented and the line that comes after that is not commented.
import (
"context"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchevents"
)
//NewCloudWatchService scheduler service
func NewCloudWatchService() CWEPutEventsAPI {
cfg, err := config.LoadDefaultConfig(context.TODO())
//Happens the same in local with this line
// cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithSharedConfigFiles(config.DefaultSharedCredentialsFiles))
if err != nil {
panic("configuration error, " + err.Error())
}
return cloudwatchevents.NewFromConfig(cfg)
}
This is my template.yaml file. I'm developing usin AWS SAM yaml templates. As you can see I reference ExecuteLambda in ScheduleLambda using GettAtt method but when the code runs in local the region and accountId are always the same: default values.
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Globals:
Function:
Timeout: 5
Resources:
ScheduleBusinessRuleFunction:
Type: AWS::Serverless::Function
Properties:
FunctionName: POC-scheduleBusinessRule
CodeUri: functions/scheduleBusinessRule/
Handler: scheduleBusinessRule
Runtime: go1.x
MemorySize: 128
Timeout: 10
Tracing: Active
Role: !GetAtt SchedulerRole.Arn
Environment:
Variables:
LAMBDA_ARN: !GetAtt ExecuteBusinessRuleFunction.Arn
EVENT_BUS: "default"
ExecuteBusinessRuleFunction:
Type: AWS::Serverless::Function
Properties:
FunctionName: POC-executeBusinessRule
CodeUri: functions/executeBusinessRule/
Handler: executeBusinessRule
Runtime: go1.x
MemorySize: 128
Tracing: Active
