Can't create/delete/publish Lambda on Amazon (aws), getting 403 Access denied

Submitted by 末鹿安然 on 2021-01-07 01:16:41

Question


I ran into a previously unseen issue on my AWS root account:

When I try to create/delete a Lambda through the AWS site, it shows me a 403 error.

Almost the same happens when trying to delete previously created Lambdas:

The last Lambda was created about 2 months ago, and about a month ago my free tier expired; I got an email. But how that relates, I don't know. Everything should work fine, but it doesn't. Also, I can create/delete DynamoDB tables without any issues, for example. I receive the same 403 when trying to publish through Visual Studio 2019, so I can't update code there.

Also, my AWS Personal Health Dashboard shows nothing out of the ordinary. Could you please help me understand where the issue is, as I cannot contact AWS support about technical subjects: base plan limitation or something like this (awhhhhh).


Answer 1:


So, the issue was solved ... by Amazon support (do not hesitate to contact them using another topic; they will respond in a ... few days :) ).

As I also noticed from Google, this kind of error comes from security leaks. Support said the same: my account (or my secret keys) was compromised and I needed to re-secure my account. So they requested that I:

  • change my root password
  • re-create all possible secret keys for root and IAM users (and delete the old ones)

I'm not sure how it was checked from the AWS side (manually or automatically) afterwards. But I also found an old CLOSED message/issue on the support home page (https://console.aws.amazon.com/support/home), so possibly it was the underlying reason for blocking my Lambdas.

Also, I remember that I accidentally pushed this Lambda key to a private repo, but whatever, AWS security was triggered.

Also, be careful with the situation where you need to rotate keys BUT, to rotate them on your Lambdas (if you are using them there), you need to save the new secret, and to do that you need ... right, access :) So it may stop your scripts if you revoke keys without rotation.

So I hope it helps someone. Store your secrets in secret places and do not push them accidentally :)
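
An added example, not part of the original answer: one way to confirm the re-securing steps above are complete is to read the IAM credential report and list, per user, which access keys and passwords still predate the incident. The sample rows, the cutoff date and the function names are constructed for illustration; the column names follow the credential report CSV.

```python
import csv
import io
from datetime import datetime

# Constructed sample rows in the IAM credential report CSV layout (columns trimmed).
SAMPLE_REPORT = """user,password_enabled,password_last_changed,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,not_supported,not_supported,true,2019-03-10T12:00:00+00:00,false,N/A
deploy-bot,false,N/A,true,2020-02-01T08:00:00+00:00,true,2020-09-15T08:00:00+00:00
alice,true,2020-12-05T10:00:00+00:00,true,2020-12-05T10:05:00+00:00,false,N/A
"""
# Constructed incident date: anything older than this is treated as exposed.
CUTOFF = datetime.fromisoformat("2020-11-29T00:00:00+00:00")


def parse_ts(value):
    """Return a datetime, or None for N/A / not_supported style values."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def pending_actions(report_csv, cutoff):
    """Map each user to the re-securing steps still outstanding after cutoff."""
    actions = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        todo = []
        active = [n for n in ("1", "2") if row[f"access_key_{n}_active"] == "true"]
        for n in active:
            rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
            if rotated is None or rotated < cutoff:
                todo.append(f"replace access_key_{n}")
        if todo and len(active) == 2:
            # IAM allows two keys per user, so there is no slot for a new key yet.
            todo.insert(0, "delete one key before creating the new one")
        changed = parse_ts(row["password_last_changed"])
        if row["user"] == "<root_account>" and changed is None:
            todo.append("confirm root password change manually")
        elif row["password_enabled"] == "true" and (changed is None or changed < cutoff):
            todo.append("change password")
        if todo:
            actions[row["user"]] = todo
    return actions


if __name__ == "__main__":
    for user, steps in pending_actions(SAMPLE_REPORT, CUTOFF).items():
        print(user, "->", "; ".join(steps))
```

Against a live account the same CSV comes from `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose content is base64-encoded. A user with both key slots full is the case the answer warns about: a key has to be deleted before its replacement exists, so move whatever uses it to the other key first.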



Source: https://stackoverflow.com/questions/65059561/cant-create-delete-publish-lambda-on-amazon-aws-getting-403-access-denied
