Policy arn:aws:iam::aws:policy/AWSLambdaFullAccess does not exist or is not attachable

markvitapoly · March 27, 2021, 5:49am

this used to work a day ago, but now:

sls deploy --stage dev2
error: Policy arn:aws:iam::aws:policy/AWSLambdaFullAccess does not exist or is not attachable.

it looks like AWSLambdaFullAccess has been deprecated and possibly removed just now?
https://docs.aws.amazon.com/lambda/latest/dg/security_iam_troubleshoot.html#security_iam_troubleshoot-admin-deprecation

do I need to make a code change in the serverless framework code or can I update it in the serverless.yml?

org: markvitapoly
app: someapp
component: express
name: someappname

alisalahio · March 27, 2021, 5:04pm

I’m facing the same issue

antonis · March 27, 2021, 5:49pm

I am facing the same issue. Tried with versions 2.29.0, 2.31.0 and the ci/cd feature on serverless.com.
The error message when running “serverless deploy --debug”

NoSuchEntity: Policy arn:aws:iam::aws:policy/AWSLambdaFullAccess does not exist or is not attachable.
    at Request.extractError (/var/task/node_modules/aws-sdk/lib/protocol/query.js:50:29)
    at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/var/task/node_modules/aws-sdk/lib/request.js:688:14)
    at Request.transition (/var/task/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/var/task/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /var/task/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:690:12)
    at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:116:18)

willsam100 · March 29, 2021, 1:46am

I also faced this issue. AWSLambdaFullAccess has been depreciated.
AWS has a replacement policy AWSLambda_FullAccess.
Full details can be found here: Troubleshooting AWS Lambda identity and access - AWS Lambda

antonis · March 29, 2021, 8:34am

The issue is tracked on Role already exists -> deleted role -> policy AWSLambdaFullAccess does not exist or is not attachable · Issue #918 · serverless/components · GitHub

scsbatu · March 29, 2021, 11:41am

I have the same issue when try to deploy a new lambda, but old lambda is still working.

Is there work arround

AWS a new policy AWSLambda_FullAccess. I created a role with AWSLambda_FullAccess and try to attach to lambda when deploy. but it did not work. (may be my method is wrong) every time it create a role

provider:
name: aws
stage: dev
region: us-east-1
iam:
role: arn:aws:iam::3373293854581:role/

jastsai · March 30, 2021, 5:09pm

is there a workaround or fix to this?

markvitapoly · March 30, 2021, 9:20pm

Yes. See Role already exists -> deleted role -> policy AWSLambdaFullAccess does not exist or is not attachable · Issue #918 · serverless/components · GitHub

use express@dev component until it’s merged.

mschreib28 · April 6, 2021, 12:55pm

That may work for component: express but what about component: aws-lambda where I wish to use Python as the implementation language?

Thanks!

janpio · April 17, 2021, 10:17pm

There is an open PR for the aws-lambda component, unfortunately not merged and released so seems we are stuck for now Update default role policy by alisalahio · Pull Request #45 · serverless-components/aws-lambda · GitHub