Basic deploy has Access Denied for AWS-Parameters-and-Secrets-Lambda-Extension

[YetAnotherUselessJake]

cdk deploy in the service blows up with some permissions errors

Full stack trace:

12:51:25 PM | CREATE_FAILED | AWS::Lambda::Function | LangChainHandlerDD6FD44B Resource handler returned message: "User: arn:aws:sts::942747732415:assumed-role/cdk-hnb659fds-cfn-exec-role-9 42747732415-us-west-2/AWSCloudFormation is not authorized to perform: lambda:GetLayerVersion on resource: arn: aws:lambda:us-east-1:177933569100:layer:AWS-Parameters-and-Secrets-Lambda-Extension:4 because no resource-base d policy allows the lambda:GetLayerVersion action (Service: Lambda, Status Code: 403, Request ID: 64ab8809-cc5 4-49d2-996f-1b96c387404e)" (RequestToken: d53c00f6-d230-3dde-73bb-942b56d31849, HandlerErrorCode: AccessDenied )

❌ LangChainApp failed: Error: The stack named LangChainApp failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Resource handler returned message: "User: arn:aws:sts::942747732415:assumed-role/cdk-hnb659fds-cfn-exec-role-942747732415-us-west-2/AWSCloudFormation is not authorized to perform: lambda:GetLayerVersion on resource: arn:aws:lambda:us-east-1:177933569100:layer:AWS-Parameters-and-Secrets-Lambda-Extension:4 because no resource-based policy allows the lambda:GetLayerVersion action (Service: Lambda, Status Code: 403, Request ID: 64ab8809-cc54-49d2-996f-1b96c387404e)" (RequestToken: d53c00f6-d230-3dde-73bb-942b56d31849, HandlerErrorCode: AccessDenied) at FullCloudFormationDeployment.monitorDeployment (/Users/jmannix/.volta/tools/image/packages/aws-cdk/lib/node_modules/aws-cdk/lib/index.js:397:10236) at processTicksAndRejections (node:internal/process/task_queues:96:5) at async deployStack2 (/Users/jmannix/.volta/tools/image/packages/aws-cdk/lib/node_modules/aws-cdk/lib/index.js:400:145739) at async /Users/jmannix/.volta/tools/image/packages/aws-cdk/lib/node_modules/aws-cdk/lib/index.js:400:128776 at async run (/Users/jmannix/.volta/tools/image/packages/aws-cdk/lib/node_modules/aws-cdk/lib/index.js:400:126782)

❌ Deployment failed: Error: Stack Deployments Failed: Error: The stack named LangChainApp failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Resource handler returned message: "User: arn:aws:sts::942747732415:assumed-role/cdk-hnb659fds-cfn-exec-role-942747732415-us-west-2/AWSCloudFormation is not authorized to perform: lambda:GetLayerVersion on resource: arn:aws:lambda:us-east-1:177933569100:layer:AWS-Parameters-and-Secrets-Lambda-Extension:4 because no resource-based policy allows the lambda:GetLayerVersion action (Service: Lambda, Status Code: 403, Request ID: 64ab8809-cc54-49d2-996f-1b96c387404e)" (RequestToken: d53c00f6-d230-3dde-73bb-942b56d31849, HandlerErrorCode: AccessDenied) at deployStacks (/Users/jmannix/.volta/tools/image/packages/aws-cdk/lib/node_modules/aws-cdk/lib/index.js:400:129083) at processTicksAndRejections (node:internal/process/task_queues:96:5) at async CdkToolkit.deploy (/Users/jmannix/.volta/tools/image/packages/aws-cdk/lib/node_modules/aws-cdk/lib/index.js:400:147788) at async exec4 (/Users/jmannix/.volta/tools/image/packages/aws-cdk/lib/node_modules/aws-cdk/lib/index.js:455:51984)

Stack Deployments Failed: Error: The stack named LangChainApp failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Resource handler returned message: "User: arn:aws:sts::942747732415:assumed-role/cdk-hnb659fds-cfn-exec-role-942747732415-us-west-2/AWSCloudFormation is not authorized to perform: lambda:GetLayerVersion on resource: arn:aws:lambda:us-east-1:177933569100:layer:AWS-Parameters-and-Secrets-Lambda-Extension:4 because no resource-based policy allows the lambda:GetLayerVersion action (Service: Lambda, Status Code: 403, Request ID: 64ab8809-cc54-49d2-996f-1b96c387404e)" (RequestToken: d53c00f6-d230-3dde-73bb-942b56d31849, HandlerErrorCode: AccessDenied)

[BeerOpsHQ]

+1

[josereymondaguilar]

+1