AWS IAM User in Build Steps
Answered
When I try to run a dotnet Build Step "lambda deploy-function MyFunction", I get the following error:
Error retrieving configuration for function MyFunction: User: arn:aws:iam::999999999999:user/SomeUser is not authorized to perform: lambda:GetFunctionConfiguration on resource: arn:aws:lambda:us-east-1:999999999999:function:MyFunction
The build step is a .NET runner with no executables and the Command line parameters "lambda deploy-function MyFunction".
Rather than SomeUser, I would like to use a different IAM user. Where do I set the IAM user for build steps?
Thanks
Hi Richard,
Without knowledge about your exact setup it's hard to say, but in a general sense, TeamCity runs the builds within a build agent, and the processes are started in the environment of the user that the build agent is running as. I assume that you are using cloud-based AWS agents; in this case you would need to make sure that that user is the one being managed. I'm afraid I'm not too familiar with the dotnet lambda tool, so I'm not sure if it is able to switch users or roles as required. Judging from the docs, it seems like it should be possible to create the lambdas to run under certain profiles with specific credentials, but I cannot confirm it will work as intended since we haven't tested it ourselves.
It might be worth double-checking with the Amazon or dotnet tooling to see if it's possible to change users using them.
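An added example, not part of either post and not TeamCity or AWS tooling: a small shell helper that reads the IAM denial message quoted in the question and reports which principal the build agent's process actually signed the call with, so a build log can confirm whether a credential change took effect. The function names and the `DeployUser` ARN are hypothetical; the sample message is the one from the question.

```shell
# Constructed sample input: the error text quoted in the question.
SAMPLE_ERROR='Error retrieving configuration for function MyFunction: User: arn:aws:iam::999999999999:user/SomeUser is not authorized to perform: lambda:GetFunctionConfiguration on resource: arn:aws:lambda:us-east-1:999999999999:function:MyFunction'

# parse_denied FIELD MESSAGE
# Prints the principal, action or resource named in an IAM
# "is not authorized to perform" message; returns non-zero if absent.
parse_denied() (
  case "$1" in
    principal) pat='.*User: \(arn:[^ ]*\) is not authorized to perform: .*' ;;
    action)    pat='.*is not authorized to perform: \([^ ]*\).*' ;;
    resource)  pat='.* on resource: \([^ ]*\).*' ;;
    *) exit 2 ;;
  esac
  out=$(printf '%s\n' "$2" | sed -n "s/$pat/\1/p")
  [ -n "$out" ] && printf '%s\n' "$out"
)

# principal_kind ARN
# An IAM user ARN means the call was signed with that user's access keys;
# an assumed-role ARN means temporary role credentials were used instead.
principal_kind() {
  case "$1" in
    arn:aws*:iam::*:user/*)         echo iam-user ;;
    arn:aws*:sts::*:assumed-role/*) echo assumed-role ;;
    *)                              echo other ;;
  esac
}

# check_principal EXPECTED_ARN MESSAGE
# 0 if the denied call came from EXPECTED_ARN, 1 if from another
# principal, 2 if the message is not an IAM denial at all.
check_principal() (
  actual=$(parse_denied principal "$2") || exit 2
  [ "$actual" = "$1" ]
)

# Demo on the sample: shows the agent is still using SomeUser.
p=$(parse_denied principal "$SAMPLE_ERROR")
printf 'principal=%s (%s)\n' "$p" "$(principal_kind "$p")"
printf 'denied action=%s\n' "$(parse_denied action "$SAMPLE_ERROR")"
# DeployUser is a hypothetical name for the intended IAM user.
if ! check_principal 'arn:aws:iam::999999999999:user/DeployUser' "$SAMPLE_ERROR"; then
  echo 'agent is not running as the intended IAM user'
fi
```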