CodexBloom - Programming Q&A Platform

AWS CloudFormation Stack Update scenarios with 'Resource update scenarios' for Lambda due to Missing Permissions

👀 Views: 425 💬 Answers: 1 📅 Created: 2025-05-31
aws cloudformation lambda permissions yaml

I'm currently working with a scenario while trying to update an AWS CloudFormation stack that includes an AWS Lambda function. During the update process, I receive the behavior message: `Resource update failed: AWS::Lambda::Function: myLambdaFunction - User: arn:aws:iam::123456789012:user/myUser is not authorized to perform: lambda:UpdateFunctionConfiguration on resource: arn:aws:lambda:us-west-2:123456789012:function:myLambdaFunction`.

I have ensured that the IAM role associated with my CloudFormation stack has the necessary permissions like `lambda:UpdateFunctionConfiguration` and `lambda:UpdateFunctionCode`, yet the update still fails. Here's the relevant part of my CloudFormation template:

```yaml
Resources:
  myLambdaFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      FunctionName: myLambdaFunction
      Handler: index.handler
      # Execution role the function assumes at run time
      Role: arn:aws:iam::123456789012:role/myLambdaExecutionRole
      Code:
        S3Bucket: myBucket
        S3Key: myLambda.zip
      Runtime: nodejs14.x
      Timeout: 30
      MemorySize: 128
```

Initially, I suspected that the role associated with the Lambda function might not have the execution permissions, but I verified that it contains the `AWSLambdaBasicExecutionRole`. Additionally, I have checked the stack events, and they indicate that this is specifically related to permission issues with updating the function configuration. I also made sure that my IAM user has the necessary permissions to perform CloudFormation stack updates.

Could anyone guide me to understand why I am working with this scenario? What steps should I take to resolve this permission behavior, or is there something I'm missing in my configuration? I recently upgraded to Yaml stable.
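The denial message in the question names the principal that IAM actually evaluated: CloudFormation makes resource calls as an assumed-role session when the stack has a service role, and with the caller's own credentials when it does not. The script below is an added example, not part of the original post; it parses the message and compares that principal with the role expected to make the call. The role name `cfnStackRole`, the session name and `ROLE_MESSAGE` are constructed for illustration.

```python
import re

# Denial text as IAM writes it; CloudFormation copies it into stack events.
DENIAL = re.compile(
    r"User: (?P<principal>arn:aws:(?:iam|sts)::\d{12}:\S+) "
    r"is not authorized to perform: (?P<action>[\w-]+:\w+) "
    r"on resource: (?P<resource>arn:aws:[^\s`]+)"
)
# Message quoted in the question above.
PAGE_MESSAGE = (
    "Resource update failed: AWS::Lambda::Function: myLambdaFunction - "
    "User: arn:aws:iam::123456789012:user/myUser is not authorized to perform: "
    "lambda:UpdateFunctionConfiguration on resource: "
    "arn:aws:lambda:us-west-2:123456789012:function:myLambdaFunction"
)
# Constructed values (not from the page): a hypothetical stack role and the
# denial that would appear if that role itself had made the call.
STACK_ROLE = "arn:aws:iam::123456789012:role/cfnStackRole"
ROLE_MESSAGE = PAGE_MESSAGE.replace(
    "arn:aws:iam::123456789012:user/myUser",
    "arn:aws:sts::123456789012:assumed-role/cfnStackRole/AWSCloudFormation",
)

def parse_denial(message):
    """Return principal, action and resource from a denial, or None."""
    m = DENIAL.search(message)
    return m.groupdict() if m else None

def principal_kind(arn):
    """Classify the denied principal by the resource type in its ARN."""
    return arn.split(":", 5)[5].split("/", 1)[0]

def diagnose(message, expected_role_arn):
    """Say which identity made the denied call versus the expected role."""
    d = parse_denial(message)
    if d is None:
        return "no IAM denial found in message"
    role_name = expected_role_arn.rsplit("/", 1)[1]
    if principal_kind(d["principal"]) == "assumed-role":
        session_role = d["principal"].split("/")[1]
        if session_role == role_name:
            return f"{role_name} made the call and lacks {d['action']}"
        return f"call was made as role {session_role}, not {role_name}"
    return (f"call was made as {d['principal']}, not {role_name}; "
            f"that principal lacks {d['action']}")

if __name__ == "__main__":
    print(diagnose(PAGE_MESSAGE, STACK_ROLE))
    print(diagnose(ROLE_MESSAGE, STACK_ROLE))
```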