I am trying to fetch EKS-Optimized AMI latest AMI ID details for "Name" attribute using lambda boto3 like this :
ec2_client = boto3.client('ec2')
# Get AMI release version of new AMI
latestAMIVersion = ec2_client.describe_image_attribute(
Attribute = 'description',
ImageId = latest_ami_id //AMI ID fetched
)
Though I added "EC2:*" permissions for this, I am getting :
{
"errorMessage": "An error occurred (AuthFailure) when calling the DescribeImageAttribute operation: Not authorized for image:ami-*******b649f",
"errorType": "ClientError",
"stackTrace": [
" File \"/var/task/lambda_function.py\", line 29, in lambda_handler\n ImageId = latest_ami_id\n",
" File \"/var/runtime/botocore/client.py\", line 391, in _api_call\n return self._make_api_call(operation_name, kwargs)\n",
" File \"/var/runtime/botocore/client.py\", line 719, in _make_api_call\n raise error_class(parsed_response, operation_name)\n"
]
}
Same, if I try using CLI
aws ec2 describe-images --image-ids <AMI_ID>
It is working. I checked this, according to this for "AuthFailure" it should not work on CLI as well. Is it something about "boto3"? Please help me understand. Thanks in advance.
The issue was not with "boto3", it is the parameter I was querying. Briefly, I was trying to get description on AWS Managed SSM Parameter which is EKS-Optimized AMI ID, hence I was facing "AuthFailure", which is not managed by AWS only.