2

I'm trying to delete the Lambda function, but it is throwing an error:
An error occurred when deleting your function: You do not have sufficient permission. Access denied.

I never got this issue before. I even tried using an IAM user with Administrator access permissions. Still the same issue.

Also, I'm trying to make deployments to a Lambda function, which is also throwing an error:
An error occurred: <FunctionName>LambdaFunction - Resource handler returned message: "null (Service: Lambda, Status Code: 403, Request ID: xxxxxxxx-xxxx-xxxx-xxxx-1071e7f17536, Extended Request ID: null)" (RequestToken: xxxxxxxx-xxxx-xxxx-xxxx-9602c6f12b36, HandlerErrorCode: AccessDenied).

I'm not able to modify anything on the Lambda Console (not even increase a function's memory limit). All other AWS services are working normally.

This started happening after deleting a specific CloudFormation stack by skipping its Lambda function.

4
  • 1
    If you can't manipulate Lambda functions with an Administrator account, it could mean an SCP is in place to prevent you. Either way, were I you, I would file a ticket with AWS support. Commented Oct 3, 2021 at 10:05
  • 2
    Check your emails or AWS Personal Health notifications. If AWS thinks your account got hacked, it usually limits its permissions. Lambda is one of the services that get limited. Commented Oct 3, 2021 at 10:21
  • Was it you who had deployed the CloudFormation stack? Commented Oct 3, 2021 at 11:56
  • Thanks, @PandaBlue. Yes, there was an SCP placed to prevent any changes to Lambda functions. Commented Oct 4, 2021 at 5:57

2 Answers

2

Somewhere, somehow, an IAM policy got put into effect explicitly denying you (or perhaps anyone) the ability to delete this Lambda. If you have complete control over your account, log in with your root user and check what policies are on that Lambda. Theoretically your root user can also delete it, but if it can't then open up a support ticket to have someone with AWS Root access help you delete it - I've done this in the past and bricked an S3 bucket so it couldn't even access itself!
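Why an Administrator user can still get a 403 from Lambda, as an added example (not code from the question or the answers): an explicit Deny in a service control policy overrides any Allow attached to the user or role. The policy documents, Sids and function names below are constructed for illustration, and only the Action/NotAction elements are evaluated, not Resource or Condition.

```python
import fnmatch
import json

# Constructed sample documents (not from the post): an SCP that freezes Lambda
# changes, and an identity policy shaped like the AdministratorAccess policy.
SAMPLE_SCP = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "FreezeLambda", "Effect": "Deny",
     "Action": ["lambda:Delete*", "lambda:Update*"], "Resource": "*"},
]})
SAMPLE_ADMIN = json.dumps({"Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}})


def _as_list(value):
    """Policy JSON allows a single item or a list in these fields."""
    return value if isinstance(value, list) else ([] if value is None else [value])


def _covers(stmt, action):
    """True if the statement's Action / NotAction element covers `action`."""
    negate = "NotAction" in stmt
    patterns = _as_list(stmt.get("NotAction" if negate else "Action"))
    # Action names are case-insensitive; * and ? act as wildcards.
    hit = any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)
    return hit != negate


def statements(policy_json, effect, action):
    """Sids (or positions) of `effect` statements covering `action` (Resource/Condition ignored)."""
    found = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") == effect and _covers(stmt, action):
            found.append(stmt.get("Sid", f"statement[{i}]"))
    return found


def verdict(action, scp_json, identity_json):
    """An explicit Deny in the SCP wins over any Allow on the user or role."""
    denies = statements(scp_json, "Deny", action)
    if denies:
        return "denied by SCP: " + ", ".join(denies)
    if statements(scp_json, "Allow", action) and statements(identity_json, "Allow", action):
        return "allowed"
    return "implicitly denied"


if __name__ == "__main__":
    for act in ("lambda:DeleteFunction", "lambda:UpdateFunctionConfiguration", "lambda:GetFunction"):
        print(act, "->", verdict(act, SAMPLE_SCP, SAMPLE_ADMIN))
```

On a real account the SCP documents to feed in come from the organization's management account, for example via `aws organizations list-policies-for-target` and `aws organizations describe-policy`.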


1

Same happened to me. In my case my account was hacked and I got it back by talking to AWS support, but then it was found suspicious and got blocked: automated deployments with IAM roles were failing, and manually deleting Lambda functions with the root user account was not allowed. So I contacted AWS support again, told them that I had got my account back and secured it with new login info, and asked them to unblock my activities. A couple of hours later, everything got back to normal.
