arberpolis
commented
7 years ago I just recognized it was due to a mistake I had made in the iam_policy config file. I am closing the issue. Sorry for the time wasted.
Closed arberpolis closed 7 years ago
arberpolis
commented
7 years ago I just recognized it was due to a mistake I had made in the iam_policy config file. I am closing the issue. Sorry for the time wasted.
Hi there, I really like the lab. I ran into an issue while testing the api with the host sharedsecretkey and apiendpointurl. The message is about missing permissions to perform route53:ListResource.
I followed the tutorial and created the role policy with the suggested permissions.
Below is the full stack trace.
Thanks for helping.
{"stackTrace": [["/var/task/lambda_function.py", 243, "lambda_handler", "return_dict = run_set_mode(set_hostname, valid ation_hash, source_ip)"], ["/var/task/lambda_function.py", 173, "run_set_mode", "'')"], ["/var/task/lambda_function.py" , 66, "route53_client", "MaxItems='2'"], ["/var/runtime/botocore/client.py", 253, "_api_call", "return self._make_api_c all(operation_name, kwargs)"], ["/var/runtime/botocore/client.py", 543, "_make_api_call", "raise error_class(parsed_res ponse, operation_name)"]], "errorType": "ClientError", "errorMessage": "An error occurred (AccessDenied) when calling t he ListResourceRecordSets operation: User: arn:aws:sts::519768181415:assumed-role/dynamic_dns_lambda_execution_role/dyn amic_dns_lambda is not authorized to perform: route53:ListResourceRecordSets on resource: arn:aws:route53:::hostedzone/ ZFZVNFRHXMOIV"}