Policy arn:aws:iam::aws:policy/AWSLambdaFullAccess does not exist or is not attachable

This used to work a day ago, but now:

  1. sls deploy --stage dev2
    error: Policy arn:aws:iam::aws:policy/AWSLambdaFullAccess does not exist or is not attachable.

It looks like AWSLambdaFullAccess has been deprecated and possibly removed just now?
https://docs.aws.amazon.com/lambda/latest/dg/security_iam_troubleshoot.html#security_iam_troubleshoot-admin-deprecation

Do I need to make a code change in the serverless framework code or can I update it in the serverless.yml?

org: markvitapoly
app: someapp
component: express
name: someappname
2 Likes

I’m facing the same issue

1 Like

I am facing the same issue. Tried with versions 2.29.0, 2.31.0 and the ci/cd feature on serverless.com.
The error message when running “serverless deploy --debug”

NoSuchEntity: Policy arn:aws:iam::aws:policy/AWSLambdaFullAccess does not exist or is not attachable.
    at Request.extractError (/var/task/node_modules/aws-sdk/lib/protocol/query.js:50:29)
    at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/var/task/node_modules/aws-sdk/lib/request.js:688:14)
    at Request.transition (/var/task/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/var/task/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /var/task/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:690:12)
    at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
1 Like

I also faced this issue. AWSLambdaFullAccess has been deprecated.
AWS has a replacement policy AWSLambda_FullAccess.
Full details can be found here: Troubleshooting AWS Lambda identity and access - AWS Lambda

The issue is tracked on Role already exists -> deleted role -> policy AWSLambdaFullAccess does not exist or is not attachable · Issue #918 · serverless/components · GitHub
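
The check below is an added example, not part of the original thread or of the Serverless code base: it scans project text for AWS-managed policy ARNs and flags the deprecated AWSLambdaFullAccess together with its replacement AWSLambda_FullAccess, the pair named in the post above. The function names and the sample files are hypothetical and constructed for illustration.

```javascript
// Deprecated -> replacement managed policy names; this pair is the one named in the thread.
const REPLACEMENTS = new Map([['AWSLambdaFullAccess', 'AWSLambda_FullAccess']]);

// AWS-managed policy ARN: partition, literal account field "aws", optional path, name.
const MANAGED_POLICY_ARN =
  /arn:(aws[a-z-]*):iam::aws:policy\/((?:[\w+=,.@-]+\/)*)([\w+=,.@-]+)/g;

function replacementArn(partition, path, name) {
  return `arn:${partition}:iam::aws:policy/${path}${REPLACEMENTS.get(name)}`;
}

// files: { path: contents }. Returns one finding per deprecated reference.
function findDeprecatedPolicies(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    text.split(/\r?\n/).forEach((line, i) => {
      for (const [arn, partition, prefix, name] of line.matchAll(MANAGED_POLICY_ARN)) {
        // Exact name match, so AWSLambda_FullAccess itself is never flagged.
        if (!REPLACEMENTS.has(name)) continue;
        findings.push({
          path,
          line: i + 1,
          arn,
          replacement: replacementArn(partition, prefix, name),
        });
      }
    });
  }
  return findings;
}

// Returns the text with every deprecated ARN swapped for its replacement.
function rewritePolicies(text) {
  return text.replace(MANAGED_POLICY_ARN, (arn, partition, prefix, name) =>
    REPLACEMENTS.has(name) ? replacementArn(partition, prefix, name) : arn);
}

// Constructed sample input, not taken from any real project.
const sampleFiles = {
  'src/role.js': [
    "const policyArn = 'arn:aws:iam::aws:policy/AWSLambdaFullAccess';",
    "const logsArn = 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole';",
  ].join('\n'),
  'serverless.yml': 'policy: arn:aws:iam::aws:policy/AWSLambda_FullAccess\n',
};

for (const f of findDeprecatedPolicies(sampleFiles)) {
  console.log(`${f.path}:${f.line}: ${f.arn} -> ${f.replacement}`);
}
```
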

I have the same issue when I try to deploy a new lambda, but the old lambda is still working.

Is there a workaround?

AWS has a new policy, AWSLambda_FullAccess. I created a role with AWSLambda_FullAccess and tried to attach it to the lambda when deploying, but it did not work (maybe my method is wrong). Every time, it creates a role.

provider:
  name: aws
  stage: dev
  region: us-east-1
  iam:
    role: arn:aws:iam::3373293854581:role/

Is there a workaround or fix to this?

Yes. See Role already exists -> deleted role -> policy AWSLambdaFullAccess does not exist or is not attachable · Issue #918 · serverless/components · GitHub

Use express@dev component until it’s merged.

That may work for component: express but what about component: aws-lambda where I wish to use Python as the implementation language?

Thanks!

There is an open PR for the aws-lambda component, unfortunately not merged and released so seems we are stuck for now :confused: Update default role policy by alisalahio · Pull Request #45 · serverless-components/aws-lambda · GitHub

1 Like