Tagging AWS lambda function access denied

Question:

I am trying to use the AWS CLI to tag a Lambda function. However, I keep getting the access denied error. I even tried to give the user admin access in IAM, and it still does not work. I guess something else has to be configured somewhere that currently overrides the policy.

The policy attached to the user is

Answer:

As noted in the documentation for Lambda API Permissions and AWS Services That Work with IAM, tag-related calls (ListTags, TagResources, UntagResources) can’t be restricted to specific resources.

So access for tagging has to be granted for all Lambda functions. To get it working, you’d need to replace <my lambda ARN> in the policy above with *.
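The following policy is an added example, not part of the original question or answer. It applies the answer's advice by giving only the tagging actions `"Resource": "*"`, while other actions stay scoped to one function. The ARN segments (`REGION`, `ACCOUNT_ID`, `FUNCTION_NAME`), the `Sid` values, and the choice of non-tagging actions are placeholders assumed for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "TaggingNeedsWildcardResource",
      "Effect": "Allow",
      "Action": [
        "lambda:ListTags",
        "lambda:TagResource",
        "lambda:UntagResource"
      ],
      "Resource": "*"
    },
    {
      "Sid": "OtherActionsStayScopedToOneFunction",
      "Effect": "Allow",
      "Action": [
        "lambda:GetFunction",
        "lambda:InvokeFunction"
      ],
      "Resource": "arn:aws:lambda:REGION:ACCOUNT_ID:function:FUNCTION_NAME"
    }
  ]
}
```

Splitting the statements this way keeps the wildcard limited to the three tagging actions instead of widening every permission in the policy.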
