[VMC on AWS] SDDC Account Linking Fails due to AWS Error "not authorized to perform: lambda:GetFunction"

Article ID: 314134

Products

VMware Cloud on AWS

Issue/Introduction

This article details the fix for the issue described above.

Symptoms:
A customer attempting to deploy a VMC on AWS SDDC receives an error matching the following during the Account Linking step:

Resource handler returned message: "User: **************** is not authorized to perform: lambda:GetFunction on resource: ******************** because no identity-based policy allows the lambda:GetFunction action (Service: Lambda, Status Code: 403, Request ID: *********, Extended Request ID: null)" (RequestToken: ***************, HandlerErrorCode: AccessDenied)


Cause

A role that is now required for a successful SDDC deployment is missing from the AWS account being used for Account Linking.

Resolution

Refer to the Permissions Statement on Account Linking and the VMware Cloud on AWS CloudFormation Template Documentation to see what Roles & Permissions are required for a successful account link.
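As an added example (not part of the original article or VMware's tooling), the following Python sketch extracts the denied action from the error in the Symptoms section and checks whether an identity-based policy document would allow it. The two policies are constructed samples, not the permission set VMware requires, and the check is simplified: it ignores `Resource`, `Condition`, permission boundaries and SCPs.

```python
import fnmatch
import re

# Error text from the Symptoms section; masked fields are left masked.
ERROR = ('User: **************** is not authorized to perform: lambda:GetFunction '
         'on resource: ******************** because no identity-based policy '
         'allows the lambda:GetFunction action')

def denied_action(message):
    """Return the IAM action named in an AccessDenied message, or None."""
    m = re.search(r"not authorized to perform: ([A-Za-z0-9-]+:[A-Za-z0-9*]+)", message)
    return m.group(1) if m else None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive; * and ? act as wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))

def policy_allows(policy, action):
    """Simplified evaluation: a matching Deny wins, otherwise any matching Allow."""
    allowed = False
    for stmt in _as_list(policy.get("Statement", [])):
        if "Action" in stmt:
            hit = _matches(stmt["Action"], action)
        elif "NotAction" in stmt:
            hit = not _matches(stmt["NotAction"], action)
        else:
            hit = False
        if hit and stmt.get("Effect") == "Deny":
            return False
        if hit and stmt.get("Effect") == "Allow":
            allowed = True
    return allowed

# Constructed sample policies for illustration only.
MISSING = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["cloudformation:*", "lambda:CreateFunction"], "Resource": "*"}]}
GRANTED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["cloudformation:*", "lambda:Get*"], "Resource": "*"}]}

if __name__ == "__main__":
    action = denied_action(ERROR)
    for name, pol in (("MISSING", MISSING), ("GRANTED", GRANTED)):
        print(name, action, "allowed" if policy_allows(pol, action) else "not allowed")
```

For an authoritative answer against a live account, AWS's own policy simulator (`aws iam simulate-principal-policy`) evaluates the full policy set, including the elements this sketch skips.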

Additional Information

Account Linking and the VMware Cloud on AWS CloudFormation Template

Impact/Risks:
This impacts a customer's ability to deploy a VMC on AWS SDDC.