Brian H. Hough

How to fix the AWS Lambda error: AWS Lambda AccessDeniedException not authorized to perform: cognito-idp:AdminUpdateUserAttributes

How to fix the AWS Lambda error: AWS Lambda AccessDeniedException not authorized to perform: ssm:GetParameters on resource because no identity-based policy allows the ssm:GetParameters action

So you are using AWS Parameter Store, and when you run your AWS Lambda function you are met with this odd error: AccessDeniedException not authorized to perform: cognito-idp:AdminUpdateUserAttributes on resource because no identity-based policy allows the cognito-idp:AdminUpdateUserAttributes action

It might look like the following:

error updating Cognito user:  AccessDeniedException: User: arn:aws:sts::476226016957:assumed-role/thecapv2react1f3e7babPostAuthentication-dev/thecapv2react1f3e7babPostAuthentication-dev is not authorized to perform: cognito-idp:AdminUpdateUserAttributes on resource: arn:aws:cognito-idp:us-east-1:476226016957:userpool/us-east-1_2XTSL3Jom because no identity-based policy allows the cognito-idp:AdminUpdateUserAttributes action
    at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:52:27)
    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:686:14)
    at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:688:12)
    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
  code: 'AccessDeniedException',
  time: 2022-11-17T20:11:47.074Z,
  requestId: '2b83bdf5-ae2c-4fab-af9a-a5ec8b068602',
  statusCode: 400,
  retryable: false,
  retryDelay: 56.66083548666978
}

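This means the role the function runs as (the assumed-role named in the error) has no identity-based policy allowing the cognito-idp:AdminUpdateUserAttributes action on the user pool. To grant that access through the Amplify CLI, we will do the following: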

amplify update function

Select the function we want to edit

? Which setting do you want to update? (Use arrow keys)

❯ Resource access permissions

? Select the categories you want this function to have access to. 
 ◯ api
❯◉ auth
 ◯ storage
 ◯ function

? Select the operations you want to permit on thecapv2react1f3e7bab 
 ◯ create
❯◉ read
 ◉ update
 ◯ delete
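To confirm what the function's role actually needs, the added example below (not from the original post or from Amplify) parses the AccessDeniedException message shown above, derives the narrowest identity-based policy statement that satisfies it, and checks a policy against the denied call. The function names are hypothetical, and the policy check is a simplified Allow-only evaluation.

```javascript
// Added example: parseAccessDenied, leastPrivilegeStatement and policyAllows are hypothetical names.
// Sample message copied from the error shown above (stack trace omitted).
const SAMPLE_MESSAGE =
  'User: arn:aws:sts::476226016957:assumed-role/thecapv2react1f3e7babPostAuthentication-dev/' +
  'thecapv2react1f3e7babPostAuthentication-dev is not authorized to perform: ' +
  'cognito-idp:AdminUpdateUserAttributes on resource: ' +
  'arn:aws:cognito-idp:us-east-1:476226016957:userpool/us-east-1_2XTSL3Jom because no ' +
  'identity-based policy allows the cognito-idp:AdminUpdateUserAttributes action';

// Pull the caller, action and resource out of an IAM AccessDeniedException message.
function parseAccessDenied(message) {
  const m = /User: (\S+) is not authorized to perform: (\S+) on resource: (\S+)/.exec(message);
  if (!m) return null;
  const [, principal, action, resource] = m;
  // For an assumed-role session ARN, the role name is the middle path segment.
  const role = /:assumed-role\/([^/]+)\//.exec(principal);
  return { principal, roleName: role ? role[1] : null, action, resource };
}

// Narrowest statement that satisfies the denied call: one action, one resource ARN.
function leastPrivilegeStatement(denied) {
  return { Effect: 'Allow', Action: [denied.action], Resource: [denied.resource] };
}

// IAM-style match: '*' matches any run of characters, '?' matches one character.
function wildcardMatch(pattern, value, caseInsensitive) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp(`^${re}$`, caseInsensitive ? 'i' : '').test(value);
}

// Simplified evaluation of Allow statements only (no Deny, NotAction or Condition handling).
function policyAllows(policy, action, resource) {
  const list = (v) => (Array.isArray(v) ? v : [v]);
  return list(policy.Statement).some((s) =>
    s.Effect === 'Allow' &&
    list(s.Action).some((a) => wildcardMatch(a, action, true)) &&   // action names ignore case
    list(s.Resource).some((r) => wildcardMatch(r, resource, false))); // ARNs are case-sensitive
}

const denied = parseAccessDenied(SAMPLE_MESSAGE);
const policy = { Version: '2012-10-17', Statement: [leastPrivilegeStatement(denied)] };
console.log('Role to update:', denied.roleName);
console.log(JSON.stringify(policy, null, 2));
```

Running policyAllows over the policy that ends up attached to the role shows whether it covers the failing call, and comparing it with the single-action statement shows how much broader the grant is than the error required.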

So what does this mean?

What’s happening here is that you aren’t stringifying your API Key and as a result, it is coming up as undefined.

The key-value pair of your environment variable might be valid (i.e. REACT_APP_PUBLISHABLE_KEY=pk_live_43435345awf34t) but you will want to stringify it.

The issue:

  • Notice how the process.env.ELEMENT is inserted into the input of the loadStripe method of the @stripe/stripe-js SDK? This will lead to an error because the value is undefined at start.

The solution:

  • We’ll turn the environment variable into a template literal with ${ENV} to effectively stringify this value, ensuring that it can’t be undefined as we load it into the loadStripe method.

  • Here, we will see that this will allow us to call the stripe API using our Stripe Publishable Key and create a session for the checkout.

Further Debugging:

✨ If you are getting further issues, double-check that your .env file has the environment variable written correctly, like this:

REACT_PUBLIC_STRIPE_TEST_PUBLISHABLEKEY=pk_live_1234567890abcdefghijklmnop

^ Notice that there are no spaces between the key (first part) and the value (second part) of this entry.

✨ Also, if you have just created the environment variable, make sure to restart your server. Environment variables are available at build time, but not upon re-renders. Make sure to give your server or application a good ol’ stop and start so that the environment variables are reloaded into your build, and then proceed as expected.
