Resource handler returned message: “User: arn:aws:iam::891377101820:user/kk_labs_user_158433 is not authorized to perform: iam:PutRolePolicy on resource: role lambda_execution_role because no identity-based policy allows the iam:PutRolePolicy action (Service: Iam, Status Code: 403, Request ID: ce549daa-8c70-4913-833e-14a3b42a2d26)” (RequestToken: b6884193-0037-4ea5-cde9-4f4a5f2d77ba, HandlerErrorCode: AccessDenied)
Hi @shubhamksawant3
AWS Playground is a sandboxed environment, so it does have certain restrictions, which could be causing the issue. It would really help if you could provide more details, such as what you are trying to achieve in this scenario. Just pasting the error logs might not be sufficient to resolve your issues.
Also, please post in the appropriate category, or your post might go unnoticed.
The Nautilus DevOps team needs to implement a Lambda function using a CloudFormation stack. Create an AWS CDK Python code named on the AWS client host and configure it to create the following components. The stack name must be devops-lambda-app.
Create a Lambda function named devops-lambda.
Use the Runtime Python.
The function should print the body Welcome to KKE AWS Labs!.
Ensure the status code is 200.
Create and use the IAM role named lambda_execution_role.
```yaml
Resources:
  LambdaExecutionRoleD5C26073:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
        Version: "2012-10-17"
      RoleName: lambda_execution_role
  # AWS::IAM::Policy is an inline policy; CloudFormation attaches it to the
  # role with iam:PutRolePolicy, the action named in the error above.
  LambdaExecutionRoleDefaultPolicy6D69732F:
    Type: AWS::IAM::Policy
    Properties:
      PolicyDocument:
        Statement:
          - Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
            Effect: Allow
            Resource: "*"
        Version: "2012-10-17"
      PolicyName: LambdaExecutionRoleDefaultPolicy6D69732F
      Roles:
        - Ref: LambdaExecutionRoleD5C26073
  DevopsLambdaFunction5618CEA9:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        ZipFile: |
          import json
          def lambda_handler(event, context):
              body = "Welcome to KKE AWS Labs!"
              return {
                  'statusCode': 200,
                  'body': body
              }
      FunctionName: datacenter-lambda
      # Inline ZipFile code is stored in a file named index, so the handler
      # module must be "index" (was lambda_function.lambda_handler).
      Handler: index.lambda_handler
      Role:
        Fn::GetAtt:
          - LambdaExecutionRoleD5C26073
          - Arn
      Runtime: python3.9
    DependsOn:
      - LambdaExecutionRoleDefaultPolicy6D69732F
      - LambdaExecutionRoleD5C26073
```
When I am trying to create this stack, I'm unable to deploy the stack as per the task due to permissions.
Please supply a review link to the KK Engineer task (you can find this via the KK Engineer dashboard), which will help us figure out what’s going on.
I solved it by manually creating in the IAM console a role called “lambda_execution_role” and then assigning the ARN of the role to the Lambda function in the CloudFormation YAML file.
Hello, I tried doing the same but am unable to attach a policy to the role from the console or code,
as there is a deny for iam:PutRolePolicy.
OK, good luck, and I suggest you use the help of Claude AI.
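An added example, not part of any post in this thread: a pre-deploy check that lists which IAM actions each resource in a CloudFormation template needs, so a denied action such as `iam:PutRolePolicy` can be traced to the resource that triggers it. The resource-to-action mapping is a simplified subset chosen for this illustration, and both sample templates are constructed (the first mirrors the template posted above, the second is a hypothetical variant using a managed policy).

```python
# Simplified, illustrative mapping of template resources to IAM actions
# CloudFormation calls on the deployer's behalf (not an exhaustive list).
INLINE_TARGETS = (("Roles", "iam:PutRolePolicy"), ("Users", "iam:PutUserPolicy"),
                  ("Groups", "iam:PutGroupPolicy"))

def required_iam_actions(template):
    """Return {logical_id: set(actions)} for IAM-relevant resources."""
    needed = {}
    for logical_id, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        actions = set()
        if rtype == "AWS::IAM::Role":
            actions.add("iam:CreateRole")
            if props.get("Policies"):            # inline policies on the role
                actions.add("iam:PutRolePolicy")
            if props.get("ManagedPolicyArns"):   # managed policies are attached
                actions.add("iam:AttachRolePolicy")
        elif rtype == "AWS::IAM::Policy":        # always an inline policy
            actions |= {a for key, a in INLINE_TARGETS if props.get(key)}
        elif rtype == "AWS::IAM::ManagedPolicy":
            actions.add("iam:CreatePolicy")
            if props.get("Roles"):
                actions.add("iam:AttachRolePolicy")
        elif rtype == "AWS::Lambda::Function" and props.get("Role"):
            actions.add("iam:PassRole")
        if actions:
            needed[logical_id] = actions
    return needed

def blocked_resources(template, denied):
    """Resources whose deployment needs at least one denied action."""
    return {lid: sorted(acts & denied)
            for lid, acts in required_iam_actions(template).items() if acts & denied}

ROLE_REF = {"Fn::GetAtt": ["LambdaExecutionRoleD5C26073", "Arn"]}
# Constructed sample mirroring the template in the thread.
SAMPLE_TEMPLATE = {"Resources": {
    "LambdaExecutionRoleD5C26073": {"Type": "AWS::IAM::Role",
        "Properties": {"RoleName": "lambda_execution_role"}},
    "LambdaExecutionRoleDefaultPolicy6D69732F": {"Type": "AWS::IAM::Policy",
        "Properties": {"Roles": [{"Ref": "LambdaExecutionRoleD5C26073"}]}},
    "DevopsLambdaFunction5618CEA9": {"Type": "AWS::Lambda::Function",
        "Properties": {"Role": ROLE_REF}}}}
# Hypothetical variant: same role with an AWS managed policy instead of inline.
# Whether the sandbox allows iam:AttachRolePolicy is not stated in the thread.
MANAGED_VARIANT = {"Resources": {"LambdaExecutionRoleD5C26073": {
    "Type": "AWS::IAM::Role", "Properties": {"ManagedPolicyArns": [
        "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]}}}}

if __name__ == "__main__":
    print(blocked_resources(SAMPLE_TEMPLATE, {"iam:PutRolePolicy"}))
```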