I am a beginner with AWS so forgive me if the question is not clear.
I am trying to deploy a lambda function from cloud9.
I have initiated the default hello world python lambda function.
AWSReservedSSO_AdministratorAccess_03228be2e7e9a0f4:~/environment/lambda-python3.7 $ ls
events hello_world __init__.py README.md README.TOOLKIT.md template.yaml tests
AWSReservedSSO_AdministratorAccess_03228be2e7e9a0f4:~/environment/lambda-python3.7 $
I am an admin so I should have all permissions:
AWSReservedSSO_AdministratorAccess_03228be2e7e9a0f4:~/environment/lambda-python3.7 $ aws sts get-caller-identity
{
"Account": "050672679339",
"UserId": "AROAQXTCTXGVTFSKEJKUV:luca.puggini",
"Arn": "arn:aws:sts::050672679339:assumed-role/AWSReservedSSO_AdministratorAccess_03228be2e7e9a0f4/luca.puggini"
}
AWSReservedSSO_AdministratorAccess_03228be2e7e9a0f4:~/environment/lambda-python3.7 $ ls
When I try to deploy I get some permission errors:
AWSReservedSSO_AdministratorAccess_03228be2e7e9a0f4:~/environment/lambda-python3.7 $ sam deploy --stack-name pikeen-example-interface --resolve-s3 --capabilities CAPABILITY_IAM
Managed S3 bucket: aws-sam-cli-managed-default-samclisourcebucket-1izrwnq0e6foe
A different default S3 bucket can be set in samconfig.toml
Or by specifying --s3-bucket explicitly.
File with same data already exists at a3735344f55aa1d5670127b3f2557a91, skipping upload
Deploying with following values
===============================
Stack name : pikeen-example-interface
Region : eu-central-1
Confirm changeset : False
Disable rollback : False
Deployment s3 bucket : aws-sam-cli-managed-default-samclisourcebucket-1izrwnq0e6foe
Capabilities : ["CAPABILITY_IAM"]
Parameter overrides : {}
Signing Profiles : {}
Initiating deployment
=====================
File with same data already exists at 584381adaf4b34cfa8377c0a8e92b097.template, skipping upload
Waiting for changeset to be created..
CloudFormation stack changeset
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Operation LogicalResourceId ResourceType Replacement
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ Add HelloWorldFunctionHelloWorldPermissionProd AWS::Lambda::Permission N/A
+ Add HelloWorldFunctionRole AWS::IAM::Role N/A
+ Add HelloWorldFunction AWS::Lambda::Function N/A
+ Add ServerlessRestApiDeployment47fc2d5f9d AWS::ApiGateway::Deployment N/A
+ Add ServerlessRestApiProdStage AWS::ApiGateway::Stage N/A
+ Add ServerlessRestApi AWS::ApiGateway::RestApi N/A
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Changeset created successfully. arn:aws:cloudformation:eu-central-1:050672679339:changeSet/samcli-deploy1686176258/7c9bdf59-94fc-4a54-9501-891507319407
2023-06-07 22:17:44 - Waiting for stack create/update to complete
CloudFormation events from stack operations (refresh every 0.5 seconds)
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ResourceStatus ResourceType LogicalResourceId ResourceStatusReason
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
CREATE_IN_PROGRESS AWS::IAM::Role HelloWorldFunctionRole -
CREATE_FAILED AWS::IAM::Role HelloWorldFunctionRole The security token included in the request is invalid (Service:
AmazonIdentityManagement; Status Code: 403; Error Code: InvalidClientTokenId; Request
ID: 4e004f19-599a-4880-b496-c484df00925d; Proxy: null)
ROLLBACK_IN_PROGRESS AWS::CloudFormation::Stack pikeen-example-interface The following resource(s) failed to create: [HelloWorldFunctionRole]. Rollback
requested by user.
DELETE_COMPLETE AWS::IAM::Role HelloWorldFunctionRole -
ROLLBACK_COMPLETE AWS::CloudFormation::Stack pikeen-example-interface -
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Error: Failed to create/update the stack: pikeen-example-interface, Waiter StackCreateComplete failed: Waiter encountered a terminal failure state: For expression "Stacks[].StackStatus" we matched expected path: "ROLLBACK_COMPLETE" at least once
AWSReservedSSO_AdministratorAccess_03228be2e7e9a0f4:~/environment/lambda-python3.7 $
How can I fix this? Thanks :-)