I am a bit new to AWS. I am trying to create an AccessKey using a Lambda function, but it gives an error like this:
An error occurred (AccessDenied) when calling the CreateAccessKey operation: User: arn:aws:sts::12345645465446:assumed-role/mySecretRotate-role-4x67t1v9/mySecretRotate is not authorized to perform: iam:CreateAccessKey on resource: user test_user: ClientError
Q: How do I resolve this problem?
CodePudding user response:
You can add an inline policy with the iam:CreateAccessKey permission to your mySecretRotate-role role. For example:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "iam:CreateAccessKey",
            "Resource": "*"
        }
    ]
}
If you want to be more explicit, you can specify the ARN of test_user instead of "*" for Resource.
CodePudding user response:
Your Lambda function role does not have the iam:CreateAccessKey permission. There are different ways to grant this permission to your Lambda, see the full documentation here. You can, for example, add the permission to your "mySecretRotate" role as an inline policy: click on the role and on "Add inline policy", and the visual guide will take you through the process. The resulting policy will look something like this:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "iam:CreateAccessKey",
            "Resource": "<user ARN goes here>"
        }
    ]
}
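
Added example (not part of either answer above, and not AWS tooling): a small Python check that flags Allow statements granting iam:CreateAccessKey on a wildcard resource, and builds the equivalent policy scoped to a single user. The function names and the account ID 111122223333 are constructed for illustration; the wildcard policy is the one from the first answer.

```python
import fnmatch
import json

TARGET = "iam:CreateAccessKey"

# The first answer's policy, reproduced as sample input.
WILDCARD_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
                "Action": "iam:CreateAccessKey", "Resource": "*"}]}
""")

def _as_list(value):
    # IAM lets Statement, Action and Resource be a single value or a list.
    return value if isinstance(value, list) else [value]

def scoped_policy(account_id, user_name):
    """Inline policy that allows key creation for one IAM user only."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "CreateKeyForOneUser",
            "Effect": "Allow",
            "Action": TARGET,
            "Resource": f"arn:aws:iam::{account_id}:user/{user_name}",
        }],
    }

def overbroad_statements(policy):
    """Sids (or positions) of Allow statements that grant iam:CreateAccessKey
    on every user. NotAction/NotResource statements are not evaluated."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may use * and ? wildcards.
        grants = any(fnmatch.fnmatchcase(TARGET.lower(), a.lower())
                     for a in _as_list(stmt.get("Action", [])))
        wide = any(r == "*" or r.endswith(":user/*")
                   for r in _as_list(stmt.get("Resource", [])))
        if grants and wide:
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

if __name__ == "__main__":
    print(overbroad_statements(WILDCARD_POLICY))
    print(json.dumps(scoped_policy("111122223333", "test_user"), indent=2))
```

A role that can call iam:CreateAccessKey on "*" can mint credentials for any IAM user in the account, which is why the check treats the wildcard form as a finding and the per-user ARN as clean.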
