Tags: amazon-web-services, amazon-ec2, amazon-iam, amazon-emr, amazon-vpc

An error occurred (UnauthorizedOperation) when calling the DescribeVpcEndpoints operation: You are not authorized to perform this operation


I am getting this error while executing my Lambda:

An error occurred (UnauthorizedOperation) when calling the DescribeVpcEndpoints operation: You are not authorized to perform this operation.

My policy details:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IngestionClusterNodes",
      "Effect": "Allow",
      "Action": [
        "s3:*",
        "glue:*",
        "kms:*",
        "sns:*",
        "cloudformation:DeleteStack",
        "cloudformation:DescribeStackResource",
        "cloudformation:DescribeStackResources",
        "cloudformation:DescribeStacks",
        "cloudformation:ListStackResources",
        "cloudwatch:*",
        "elasticmapreduce:*",
        "secretsmanager:GetSecretValue",
        "secretsmanager:CreateSecret",
        "secretsmanager:PutResourcePolicy",
        "secretsmanager:UpdateSecret",
        "iam:GetGroup",
        "ec2:*",
        "events:*",
        "logs:*",
        "ses:*",
        "sns:*",
        "sns:Publish"
      ],
      "Resource": [
        "arn:aws:iam::*",
        "arn:aws:ses:*",
        "arn:aws:sqs:*",
        "arn:aws:s3:::*",
        "arn:aws:logs:*",
        "arn:aws:sns:*",
        "arn:aws:cloudformation:*",
        "arn:aws:cloudwatch:*",
        "arn:aws:secretsmanager:*",
        "arn:aws:ec2:*",
        "arn:aws:events:*:*:*",
        "arn:aws:logs:*:*:*",
        "arn:aws:autoscaling:*"
      ]
    }
  ]
}

I have attached the above policy to the Lambda execution role.


Solution

  • I would suggest that you simply modify your statement to:

                {
                  "Sid": "IngestionClusterNodes",
                  "Effect": "Allow",
                  "Action": [
                    "s3:*",
                    "glue:*",
                    "kms:*",
                    "sns:*",
                    "cloudformation:DeleteStack",
                    "cloudformation:DescribeStackResource",
                    "cloudformation:DescribeStackResources",
                    "cloudformation:DescribeStacks",
                    "cloudformation:ListStackResources",
                    "cloudwatch:*",
                    "elasticmapreduce:*",
                    "secretsmanager:GetSecretValue",
                    "secretsmanager:CreateSecret",
                    "secretsmanager:PutResourcePolicy",
                    "secretsmanager:UpdateSecret",
                    "iam:GetGroup",
                    "ec2:*",
                    "events:*",
                    "logs:*",
                    "ses:*",
                    "sns:*",
                    "sns:Publish"
                  ],
                  "Resource": ["*"]
                }
    

    Just a note: VPC endpoints don't have ARNs, only an ID (e.g. vpce-092e602ea1a16886e), so the ec2:* in your Resource block didn't allow you to describe VPC endpoints.
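To show why the original Resource list fails for this call and what a narrower fix than Resource ["*"] looks like, here is an added example (not code from the question or the answer) with a simplified IAM evaluator. It assumes only the Allow-matching part of IAM semantics (no Deny, Condition or NotAction), and the NO_RESOURCE_ARN set is an illustrative assumption, not a copy of the AWS service reference.

```python
import fnmatch
import json
from typing import Optional

# Constructed copy of the asker's statement, trimmed to the actions that matter here.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "IngestionClusterNodes",
        "Effect": "Allow",
        "Action": ["ec2:*", "logs:*", "secretsmanager:GetSecretValue"],
        "Resource": ["arn:aws:ec2:*", "arn:aws:logs:*:*:*", "arn:aws:secretsmanager:*"],
    }],
}

# Assumption (illustrative, not the full AWS service reference): these EC2 Describe*
# calls carry no resource ARN, so IAM evaluates them against the literal resource "*".
NO_RESOURCE_ARN = {"ec2:DescribeVpcEndpoints", "ec2:DescribeInstances", "ec2:DescribeSubnets"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified IAM evaluation: true if any Allow statement has an Action pattern
    and a Resource pattern that both match ('*' = any run, '?' = one character)."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if (any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
                and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))):
            return True
    return False

def check_call(policy: dict, action: str, resource_arn: Optional[str] = None) -> bool:
    """Evaluate an API call the way the Lambda's execution role would see it."""
    if action in NO_RESOURCE_ARN:
        return is_allowed(policy, action, "*")  # "arn:aws:ec2:*" never matches "*"
    if resource_arn is None:
        raise ValueError(f"{action} needs a resource ARN")
    return is_allowed(policy, action, resource_arn)

def least_privilege_fix(policy: dict, actions: list) -> dict:
    """Instead of widening the whole statement to Resource ["*"], append one extra
    statement that grants only the ARN-less actions on "*" and leaves the rest scoped."""
    fixed = json.loads(json.dumps(policy))  # deep copy; the input policy is untouched
    fixed["Statement"].append({"Sid": "DescribeWithoutArns", "Effect": "Allow",
                               "Action": sorted(actions), "Resource": "*"})
    return fixed
```

The resulting policy still denies ec2:RunInstances on "*", which the answer's single broadened statement would allow.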