How do I troubleshoot "permission denied" or "unable to import module" errors when I upload a Lambda deployment package?

5 minute read

When I upload my AWS Lambda deployment package, I get either a "permission denied" or "unable to import module" error.

Short description

Lambda requires global read permissions on code files and any dependent libraries in your deployment package. If you don't configure your Lambda deployment package with the correct security permissions, then Lambda returns an error when you try to upload the file. The permission denied and unable to import module errors commonly occur when continuous integration applications create deployment packages.

For interpreted runtimes, such as Python, the correct permission for the files in the deployment package is 644. For folders in the deployment package, the correct permission is 755.

For compiled runtimes, such as Go, the correct permission for executable files and directories in a deployment package is 755 in Unix permissions numeric notation.

Note: Because Lambda uses POSIX permissions, it's a best practice to use a POSIX compliant operating system (OS) when you build Lambda deployment packages. Compliant OSs include Linux, Unix, or macOS. Equality between the permissions model in your build environment and Lambda's runtime environment reduces the chance of permissions issues.

To fix a permissions issue as a Windows user, complete one of the following tasks to set up a Linux environment:


Find the file or folder that's causing the error

Depending on the programing language you used to write your Lambda function code, the cause of the error might not be clear in the error message.

For example, a Node.js function error message lists the name of the file or folder that's the source of the error. However, a Python function error message doesn't list the name of the file or folder that's the source of the error.

Example of a Node.js Lambda function permission denied error

{  "errorMessage": "EACCES: permission denied, open '/var/task/index.js'",      "errorType": "Error",  
    "stackTrace": [  
    "Object.fs.openSync (fs.js:641:18)",  
    "Object.fs.readFileSync (fs.js:509:33)",  
    "Object.Module._extensions..js (module.js:578:20)",  
    "Module.load (module.js:487:32)",  
    "tryModuleLoad (module.js:446:12)",  
    "Function.Module._load (module.js:438:3)",  
    "Module.require (module.js:497:17)",  
    "require (internal/module.js:20:19)"  

Example of a Python Lambda function unable to import module error

"Unable to import module 'index': No module named index"

To fix this error, see How do I resolve the "Unable to import module" error that I receive when I run Lambda code in Python?

If your Lambda deployment package isn't Amazon Linux 2 or Amazon Linux 2023, then you must match compatibility with Amazon Linux versions. To do this, use the following parameters when you install the package. The following example uses a Python 3.12 OS and NumPy libraries in the same folder where Lambda function is:

pip3 install --platform manylinux2014_x86_64 --target . --python-version 3.12 --only-binary=:all: numpy

Based on your use case, adjust the following values: 

  • Th platform manylinux2014_x86_64 value specifies the package's platform.
  • The python-version 3.12 value indicates that the package is compatible with the specified Python version. Adjust this value according to the Python runtime version that you target in Lambda.
  • The only-binary=:all parameter instructs pip to download only binaries. This makes sure that the package is compatible with the Lambda runtime environment.

Example of a Python Lambda function error for external libraries that are missing required permissions

"Unable to import module 'index': No module named requests"

To check the permissions for all files and folders in the deployment package .zip file, run the zipinfo command in your command line interface (CLI):


Note: Replace with your deployment package .zip file name.

Example of zipinfo command response

Archive:  lambda-package.zipZip file size: 305 bytes, number of entries: 1-r--------  3.0 unx      188 tx defN 21-Feb-13 20:48
1 file, 188 bytes uncompressed, 135 bytes compressed:  28.2%

Note: In the preceding example, the permission for is -r--------, or 400 in Unix permissions numeric notation. Update the permission for the file to 644. For more information, see Notation of traditional Unix permissions on the Wikipedia website.

Update the permissions for your deployment package

Note: The following commands work only for Linux, Unix, and macOS.

  1. To unpack the files and folders inside your deployment package to a temporary folder, run the following command in your CLI:

    mkdir temp-folder; unzip -d temp-folder ;cd temp-folder;ls -l

    Note: Replace with the file name of your deployment package and temp-folder with a name for the temporary folder.

  2. Update the permissions of the library's files.
    Note: To make the directories executable and all files and folders in the unzipped deployment package readable by any user, run the chmod command:

    $ sudo chmod 644 $(find -type f) && chmod 755 $(find -type d)

    To make the unzipped deployment package files executable for compiled runtimes, run the following command:

    $ chmod 755 -R
  3. After you fix the permissions, run the following command to repackage the files and folder into a new .zip file:

    zip -r *
  4. Upload the new deployment package.

AWS OFFICIALUpdated 4 months ago