3

I am trying to create a new AWS Lambda function with the root account for the first time using the management console. I am receiving the error "Request failed with status code 403" no matter how many different options I try.

I've already tried changing my region, creating the function with the default role (basic Lambda permissions), a new role, an existing role, and with the options "Author from Scratch", "Use a blueprint" and "Serverless app repository", but I am still getting the same error.

How can I troubleshoot and solve this problem?


mrgenco
  • Have you tried changing region? Do you have permissions to create functions? AWS CLI also doesn't work? – Marcin Nov 10 '20 at 07:24
  • Changing my region didn't work, but my S3 bucket and DynamoDB table are located in the same region, so it should be OK with the same region, right? Since I am trying this with the root account, I didn't set any permission for creating functions. I am a relatively new user, so I don't know much about the AWS CLI yet. – mrgenco Nov 10 '20 at 07:31
  • Is your account part of an AWS organization? – Marcin Nov 10 '20 at 08:37
  • No, it is an AWS free tier account with root access. I did not create and am not part of any organization. – mrgenco Nov 10 '20 at 08:40
  • 2
    Can you check your "Personal Health Dashboard" as suggested [here](https://stackoverflow.com/questions/64778412/cannot-create-lambda-function-on-aws-with-administrator-permission?noredirect=1#comment114534289_64778412) – Marcin Nov 11 '20 at 00:37
  • 2
    Thanks a lot. I found the reason when I opened the dashboard. I realized that they had opened a Support Case for a security leak (Risk IAM quarantine). They limited my usage of services due to this case. I've taken all the steps that they suggested and can now create a new function. – mrgenco Nov 11 '20 at 06:53
  • 2
    No problem. Same case for the other question. Replacing access keys helped. – Marcin Nov 11 '20 at 06:55
  • 1
    @Marcin could you please write your comment as an answer? Your comment solved my problem. – mrgenco Dec 09 '20 at 08:48

10 Answers

1

I faced the same issue, but the "Personal Health Dashboard" is clear for me, nothing strange there.

Just about a month ago I created one successfully. Also, my free tier plan has expired; maybe that is the reason?

Also, I can't delete old functions.

Nigrimmist
  • I answered this question here: https://stackoverflow.com/questions/65059561/cant-create-delete-publish-lambda-on-amazon-aws-getting-403-access-denied/65118711 – Nigrimmist Dec 03 '20 at 01:47
  • My problem was about a security leak. Marcin's comment solved my problem. Thanks – mrgenco Dec 09 '20 at 08:49
1

Based on the comments.

The issue was resolved by checking the Event Logs in the AWS Personal Health Dashboard, which indicated that permissions on the account were temporarily limited by AWS due to Risk IAM quarantine and some suspicious activity.

Marcin
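
The check below is an added example, not part of the original answer or of any AWS tool: it scans IAM listings for the AWS-managed `AWSCompromisedKeyQuarantine` policies and reports which active access keys belong to the affected users. It assumes the quarantine appears as one of those managed policies attached to an IAM user; the user names, key IDs and the function name `find_quarantined` are constructed for illustration.

```python
import json
import re

# AWS-managed policies attached to an IAM user when its key is reported exposed.
# Their explicit Deny statements override any Allow, AdministratorAccess included.
QUARANTINE_ARN = re.compile(
    r"^arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantine(V\d+)?$")

# Constructed sample data (not from the page), in the JSON shape printed by
#   aws iam list-attached-user-policies --user-name <user>
#   aws iam list-access-keys --user-name <user>
SAMPLE = json.loads("""
{
  "deploy-bot": {
    "AttachedPolicies": [
      {"PolicyName": "AdministratorAccess",
       "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
      {"PolicyName": "AWSCompromisedKeyQuarantineV2",
       "PolicyArn": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV2"}],
    "AccessKeyMetadata": [
      {"AccessKeyId": "AKIAIOSFODNN7EXAMPLE", "Status": "Active"},
      {"AccessKeyId": "AKIAI44QH8DHBEXAMPLE", "Status": "Inactive"}]
  },
  "alice": {
    "AttachedPolicies": [
      {"PolicyName": "ReadOnlyAccess",
       "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}],
    "AccessKeyMetadata": [
      {"AccessKeyId": "AKIAEXAMPLEALICE0001", "Status": "Active"}]
  }
}
""")

def find_quarantined(users):
    """Return one finding per user that carries a quarantine policy."""
    findings = []
    for name, data in sorted(users.items()):
        hits = [p["PolicyName"] for p in data.get("AttachedPolicies", [])
                if QUARANTINE_ARN.match(p.get("PolicyArn", ""))]
        if not hits:
            continue
        # Active keys of a quarantined user are the ones to replace first.
        active = [k["AccessKeyId"] for k in data.get("AccessKeyMetadata", [])
                  if k.get("Status") == "Active"]
        findings.append({"user": name, "policies": hits,
                         "active_keys_to_rotate": active})
    return findings

if __name__ == "__main__":
    for finding in find_quarantined(SAMPLE):
        print(finding)
```

The ARN match is anchored to the `aws` account so that a customer-managed policy with a look-alike name is not reported.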
1

So this is essentially a role-based issue and definitely seems to be a bug in the Lambda console. What worked for me is to first go to the IAM console, create a role, attach a policy with 'AdministratorAccess', and in the 'Trust Relationships' tab add 'lambda.amazonaws.com' as a trusted entity. After this, while creating a Lambda function, use this existing role (instead of creating a new one), and it should work.

0

Go to IAM roles. Your role is already there. In the Lambda function configuration, first try to use an existing role and choose the role name with your function name. See if that works.

Otherwise, since it's free tier, delete all IAM roles and try again.

0

In my case it turned out to be because my session had expired. I closed and then reopened, and the error disappeared.

0

I had a similar error when I tried to call the Lambda from the test interface: 'An error occurred when creating the trigger: Request failed with status code 403'

The problem was that I had been logged out because I was not active in the AWS console, and when I logged in again it was OK.

Ivan
0

Yes, it's a quarantine message caused by a broken AWS security rule or policy, for example, publishing critical AWS data in a public repository.

jimbuho
0

One of the problems I saw was when you try to create it behind a corporate firewall and the CDN is blocked; for example, the URL below gets the error: https://a.b.cdn.console.awsstatic.com/cafcd473033d51cd552a86e38ae4bbe1b0c88d6c5eab3a9b82e08864508bd0e4/hello-world-packages/nodejs16.x.zip

  • 1
    As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jan 10 '23 at 05:36
-1

If nothing is working then just wait 24 hours and try again. It worked for me.

Shubham K.
-1

403 is access denied, and sometimes if your MFA has expired you can refresh and try again, or check whether the policies have been changed.