Open ptyo opened 2 years ago
OK, I have found two issues, both in the Primary Account.
First issue:
ASA-iam-key-auto-rotation-NotifierFunctionExecutio-WDN8XIWP171N: that IAM role needs more permissions to get at the file.
Second issue:
The ASA-Notifier Lambda function has a typo: in the code, notifier.py line 59 has /Template/, but in CodeCommit it's lowercase. Change it to /template/.
Hope that helps someone else.
The error occurs because the folder template (where the template for the email is located) is created in lowercase, whereas the policy providing access to the S3 object refers to the folder with a capital letter, "Template". You can just rename the folder from template to Template.
I renamed the template folder to Template but I still see Access Denied errors with the message:
Error while getting file contents for iam-auto-key-rotation-enforcement.html - An error occurred (AccessDenied) when calling the GetObject operation: Access Denied
In our case, our <our-IAM-Key-rotation-stack>-NotifierFunctionExecution-5pNi5KC1w18c IAM role had the following Statement:
    "Condition": {
        "StringEquals": {
            "aws:PrincipalOrgID": "<our_org_id_here>"
        }
    },
Manually deleting that section got us to the next error, related to (MessageRejected) when calling the SendEmail operation.
Error while getting file contents for iam-auto-key-rotation-enforcement.html - An error occurred (AccessDenied) when calling the GetObject operation: Access Denied
Got everything working but the above. Can't figure out why I am getting an access denied error...
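An added illustration, not code from the project or from any commenter in this thread: IAM matches S3 object ARNs case-sensitively, so a statement granting `Template/*` does not cover a key under `template/`, and any Condition keys on the statement must also be satisfied. The bucket name, org ID and policy layout below are constructed assumptions; only the file name is taken from the error message above.

```python
import re

def _to_regex(pattern, flags=0):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body, flags | re.DOTALL)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def diagnose_get_object(policy, bucket, key):
    """Explain, per Allow statement, whether s3:GetObject on bucket/key is covered."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive; object-key ARNs are not.
        if not any(_to_regex(a, re.IGNORECASE).fullmatch("s3:GetObject")
                   for a in _as_list(stmt.get("Action", []))):
            continue
        # Condition keys that must also evaluate true for the Allow to apply.
        conditions = sorted(k for op in stmt.get("Condition", {}).values() for k in op)
        for res in _as_list(stmt.get("Resource", [])):
            if _to_regex(res).fullmatch(arn):
                status = "match"
            elif _to_regex(res, re.IGNORECASE).fullmatch(arn):
                status = "case-mismatch"  # differs only by letter case
            else:
                status = "no-match"
            findings.append((status, res, conditions))
    return findings

# Constructed sample policy (hypothetical bucket and org ID).
SAMPLE_POLICY = {"Statement": [{
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-asa-bucket/Template/*",
    "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}},
}]}
TEMPLATE_FILE = "iam-auto-key-rotation-enforcement.html"

if __name__ == "__main__":
    for prefix in ("template", "Template"):
        key = f"{prefix}/{TEMPLATE_FILE}"
        print(key, diagnose_get_object(SAMPLE_POLICY, "example-asa-bucket", key))
```

A `case-mismatch` result points at the folder-name problem; a `match` that still lists condition keys means the remaining Access Denied has to be traced through those conditions or through other policies not modelled here.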