I have a custom resource in cloudformation template that references a lambda function . Inside the lambda function , I have written code to push items into a DynamoDB table . However , the operation is failing when the cloudformation stack is being created . The error is as follows :
User: arn:aws:sts::551250655555:assumed-role/custom-resource-stack-CustomResourceLambdaExecutio-1OX3T8494LEP5/custom-resource-stack-CustomResourceFunction-1GLEDE3BEPWDP is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-east-1:551250655555:table/MasterTable1
My lambda function name is : custom-resource-stack-CustomResourceFunction-1GLEDE3BEPWDP
and my custom role created is : custom-resource-stack-CustomResourceLambdaExecutio-1OX3T8494LEP5
However , in my serverless template file , I have provided the following permissions :
"CustomResourceLambdaExecutionPolicy": {
"DependsOn": ["CustomResourceLambdaExecutionRole"],
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "CustomResourceLambdaExecutionPolicyDocument",
"Roles": [{
"Ref": "CustomResourceLambdaExecutionRole"
}],
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Sid": "DynamoDBAccess",
"Action": "dynamodb:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Sid": "CloudwatchLogGroupAccess",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
}
}
which gives access to all dynamodb operations and tables . Any ideas on what I am doing wrong here .
