One of my lambda functions (authSignup) creates a user account in a Cognito user pool. There is another function (authEmailTrigger) set as the Custom message trigger (to change the text of the email confirmation). But now it has started to fail with this message:
arn:aws:lambda:us-east-1:...-authSignup invocation failed with error User: arn:aws:sts::745623467555:assumed-role/awscognitoidentityproviderservice-ec2-InstanceRole-... is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-east-1:...-authEmailTrigger (Service: AWSLambda; Status Code: 403; Error Code: AccessDeniedException; Request ID: ...)
The weird thing is that it worked before in functions created by the RC version of Serverless, but now it fails in a service deployed by the latest Serverless. I’m not aware of having changed anything in my code that could cause it (however, downgrading to the RC version doesn’t help). Would anyone have a clue where the problem could be or how to fix it?
I tried to put policy allowing
iamRoleStatements of serverless.yml but without success (anyway it wasn’t there earlier).
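
An added example, not part of the original post or of Serverless itself: the 403 above is Cognito being refused by the trigger function's resource-based policy, which is separate from the execution role that iamRoleStatements configures. The fragment grants that permission through CloudFormation, scoped to one user pool. It assumes the function key in serverless.yml is authEmailTrigger (Serverless then names the resource AuthEmailTriggerLambdaFunction); the resource name AuthEmailTriggerCognitoPermission is hypothetical and the account and user pool IDs are placeholders.

```yaml
# serverless.yml (fragment, added example)
functions:
  authEmailTrigger:
    handler: handler.authEmailTrigger   # assumed handler path

resources:
  Resources:
    # Resource-based policy statement on the trigger function.
    # It allows the Cognito service principal to invoke the function.
    AuthEmailTriggerCognitoPermission:   # hypothetical logical name
      Type: AWS::Lambda::Permission
      Properties:
        Action: lambda:InvokeFunction
        FunctionName:
          Fn::GetAtt: [AuthEmailTriggerLambdaFunction, Arn]
        Principal: cognito-idp.amazonaws.com
        # Scope the grant to a single user pool. Without SourceArn,
        # any user pool in any account could use Cognito to invoke
        # this function (confused-deputy exposure).
        SourceArn: arn:aws:cognito-idp:us-east-1:<ACCOUNT_ID>:userpool/<USER_POOL_ID>

    # Weak variant, shown for contrast only (do not deploy):
    #
    # AuthEmailTriggerCognitoPermission:
    #   Type: AWS::Lambda::Permission
    #   Properties:
    #     Action: lambda:InvokeFunction
    #     FunctionName:
    #       Fn::GetAtt: [AuthEmailTriggerLambdaFunction, Arn]
    #     Principal: cognito-idp.amazonaws.com
    #     # no SourceArn: the grant is not tied to one user pool
```

After deployment, `aws lambda get-policy --function-name <FUNCTION_NAME>` shows the statement, including the `AWS:SourceArn` condition when the scoped form is used.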