Permission denied problem when using Lambda Aliases

0

Hi,

I have been deploying and using AWS Lambda successfully. I introduced aliases to versions so that I could wire a dev and staging environment. Since then, everytime I use a specific version/alias I get permission issues.

Using the AWS Console, I can test my lambda. If I do so on $LATEST, then it works fine

{
  "statusCode": 200,
  "headers": {
...
  },
  "isBase64Encoded": false
}

If I go to Aliases tab, pick a version pointing to the latest deployed version, and I run the same event, I now get

{
  "errorMessage": "Class not found: com.foo.bar.lambda.MyLambda",
  "errorType": "java.lang.ClassNotFoundException"
}

This is a Java lambda. Looking at the logs in CloudWatch, I see

Caused by: java.io.FileNotFoundException: /var/task/com/foo/bar/lambda/MyLambda.class (Permission denied)
	at java.base/java.io.FileInputStream.open0(Native Method)
	at java.base/java.io.FileInputStream.open(Unknown Source)
	at java.base/java.io.FileInputStream.<init>(Unknown Source)
	at java.base/jdk.internal.loader.URLClassPath$FileLoader$1.getInputStream(Unknown Source)
	at java.base/jdk.internal.loader.Resource.cachedInputStream(Unknown Source)
	at java.base/jdk.internal.loader.Resource.getByteBuffer(Unknown Source)
	at java.base/java.net.URLClassLoader.defineClass(Unknown Source)
	... 9 more

If you have any pointers because I have no idea why it would work with $LATEST but not with version 'prod' pointing to the same version.

Thanks in advance

asked 2 months ago115 views
2 Answers
0

Could you please ensure that the IAM role associated with your Lambda function has the necessary permissions to access any required resources, such as S3 buckets, DynamoDB tables, or other AWS services. If your Lambda function interacts with other AWS resources, permissions might be different for different aliases

profile picture
EXPERT
answered 2 months ago
0

Thank you for the reply.

I don't see any difference or problem after checking. I created a new function in AWS, deployed the same lambda a couple of times. Created 2 aliases (prod and dev) and tried both pointing to same version, or $LATEST and works perfectly. So it has something to do with my previous lambda. I can't spot it and don't know about a way to debug it yet

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions