I am trying to invoke one lambda from another.
The exact/full error message is:
An error occurred (AccessDeniedException) when calling the Invoke operation: User: arn:aws:sts::680782302443:assumed-role/convertToAudioAndStore-dev-us-west-2-lambdaRole/convertToAudioAndStore-dev-convertToAudioAndStore0 is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-west-2:680782302443:function:convertToAudioAndStore: ClientError
I’m assuming this can be fixed by adding something to my serverless.yml, and I assume this is the only place I would want to make the change, because hacking on the AWS Console while also hacking the serverless environment would seem to be a bad idea.
I’ve tried a million things, but don’t think I’m any closer. e.g. I added the following (and a few dozen other versions) to my serverless.yml, but no luck:
iamRoleStatements:
- Effect: Allow
Action:
- “lambda:"
Resource: "”
For now I’d be happy to brute force this – allow this user/function/something to get to any/all AWS resources.
Thanks for any tips.