Terraform scenarios to create AWS Lambda function due to missing permissions despite correct IAM role configuration
After trying multiple solutions online, I still can't figure this out. I'm upgrading from an older version and I've encountered a strange issue with This might be a silly question, but Hey everyone, I'm running into an issue that's driving me crazy..... I'm trying to deploy an AWS Lambda function using Terraform, but I'm getting an behavior saying 'User is not authorized to perform: lambda:CreateFunction on resource: arn:aws:lambda:us-east-1:123456789012:function:my-function'. I have verified that my IAM role is correctly set up with the necessary permissions, and I've attached the role to the Lambda function in the Terraform configuration. Here's the relevant portion of my Terraform code: ```hcl resource "aws_iam_role" "lambda_role" { name = "lambda_role" assume_role_policy = jsonencode({ Version = "2012-10-17" Statement = [ { Action = "sts:AssumeRole" Effect = "Allow" Principal = { Service = "lambda.amazonaws.com" } } ] }) } resource "aws_lambda_function" "my_function" { function_name = "my-function" role = aws_iam_role.lambda_role.arn handler = "index.handler" source_code_hash = filebase64sha256("./lambda.zip") runtime = "nodejs14.x" } ``` I've also tried to explicitly add the policies to the role like this: ```hcl resource "aws_iam_policy_attachment" "lambda_policy_attachment" { name = "attach_lambda_policy" roles = [aws_iam_role.lambda_role.name] policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" } ``` Despite all of this, the behavior continues. I have double-checked the IAM role's permissions in the AWS console, and they seem to be correct. Am I missing something or is there an additional permission that I need to allow for the Lambda creation? Any insights would be greatly appreciated! Am I missing something obvious? This is happening in both development and production on Ubuntu 22.04. I'm developing on Debian with Hcl. Any ideas what could be causing this? The project is a REST API built with Hcl. What's the best practice here?