Following example but getting error during deploy. #3

Closed
bvelasquez opened this issue May 20, 2019 · 3 comments

@bvelasquez

Hello, I tried this to deploy a React app. I'm getting the following error:

```
User: arn:aws:iam::398816301180:root is not authorized to perform: lambda:GetLayerVersion on resource: arn:aws:lambda:us-east-1:145266761615:layer:s3-deployment:5 (Service: AWSLambdaInternal; Status Code: 403; Error Code: AccessDeniedException; Request ID: 126fc2a9-7b38-11e9-a14d-51e70ccc31e9)
```

Using:

```yaml
Resources:
  TargetBucket:
    Type: AWS::S3::Bucket
  SiteSource:
    Type: AWS::Serverless::Function
    Properties:
      Layers:
        - arn:aws:lambda:us-east-1:145266761615:layer:s3-deployment:5
      CodeUri: web-site/
      AutoPublishAlias: live
      Runtime: python3.7
      Handler: deployer.resource_handler
      Timeout: 600
      Policies:
        - S3FullAccessPolicy:
            BucketName: !Ref TargetBucket
  DeploymentResource:
    Type: AWS::CloudFormation::CustomResource
    Properties:
      ServiceToken: !GetAtt SiteSource.Arn
      Version: !Ref "SiteSource.Version"
      TargetBucket: !Ref TargetBucket
      Acl: 'public-read'
      CacheControlMaxAge: 600
```

@gojko
Contributor

gojko commented May 20, 2019

Are you trying to deploy to us-east-1? If not, you will likely want to use the SAR version of this and then include it as a component in your app. Try something like this:

```yaml
  DeployToS3:
    Type: AWS::Serverless::Application
    Properties:
      Location:
        ApplicationId: arn:aws:serverlessrepo:us-east-1:375983427419:applications/deploy-to-s3
        SemanticVersion: 1.0.0
  SiteSource:
    Type: AWS::Serverless::Function
    Properties:
      Layers:
        - !GetAtt DeployToS3.Outputs.Arn
      CodeUri: web-site/
      AutoPublishAlias: production
      Runtime: python3.7
      Handler: deployer.resource_handler
      Timeout: 600
      Policies:
        - S3FullAccessPolicy:
            BucketName: !Ref WebAssetsS3Bucket
  DeploymentResource:
    Type: AWS::CloudFormation::CustomResource
    Properties:
      ServiceToken: !GetAtt SiteSource.Arn
      Version: !Ref "SiteSource.Version"
      TargetBucket: !Ref WebAssetsS3Bucket
      Substitutions:
        FilePattern: "*.html"
        Values:
          API_URL: !Sub "https://${WebApi}.execute-api.${AWS::Region}.amazonaws.com/${AppStage}/"
          ALLOWED_TYPES: !Sub "${AllowedImageExtensions},${AllowedVideoExtensions}"
      Acl: 'public-read'
      CacheControlMaxAge: 600
```

gojko closed this as completed May 20, 2019

@kolomiets

I'm deploying to us-east-1 and still getting the same error. I believe permissions are not properly configured for the layer.

I use the following command to verify if I have access to the public layer:

```
aws lambda get-layer-version --layer-name arn:aws:lambda:us-east-1:145266761615:layer:s3-deployment --version-number 5
```

In contrast, here is the layer I can access without issues (in the same us-east-1 region):

```
aws lambda get-layer-version --layer-name arn:aws:lambda:us-east-1:785355572843:layer:haskell-runtime --version-number 2
```

@gojko
Contributor

gojko commented Jun 17, 2019

Pull the layer from the serverless app repository; you will have the rights for that. For example:

```yaml
  DeployToS3:
    Type: AWS::Serverless::Application
    Properties:
      Location:
        ApplicationId: arn:aws:serverlessrepo:us-east-1:375983427419:applications/deploy-to-s3
        SemanticVersion: 1.0.0
  SiteSource:
    Type: AWS::Serverless::Function
    Properties:
      Layers:
        - !GetAtt DeployToS3.Outputs.Arn
      CodeUri: web-site/
      AutoPublishAlias: production
      Runtime: python3.7
      Handler: deployer.resource_handler
      Timeout: 600
      Policies:
        - S3FullAccessPolicy:
            BucketName: !Ref WebAssetsS3Bucket
  DeploymentResource:
    Type: AWS::CloudFormation::CustomResource
    Properties:
      ServiceToken: !GetAtt SiteSource.Arn
      Version: !Ref "SiteSource.Version"
      TargetBucket: !Ref WebAssetsS3Bucket
      Acl: 'public-read'
      CacheControlMaxAge: 600
```
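
A pre-deploy check for the failure discussed in this thread, as an added example that is not code from the project or from any commenter: it scans a SAM template's text for hard-coded layer ARNs and flags those owned by another account (which depend on the owner granting `lambda:GetLayerVersion`) or pinned to a different region. The name `audit_layers` and the sample template are constructed for illustration; the account IDs and layer ARN are the ones quoted in the issue.

```python
import re

# Lambda layer version ARN: partition, region, 12-digit account, layer name, version.
LAYER_ARN = re.compile(
    r"arn:(aws[\w-]*):lambda:([a-z0-9-]+):(\d{12}):layer:([\w-]+):(\d+)"
)

# Constructed sample: the Layers list from the issue's template plus the
# Serverless Application Repository reference suggested in the replies.
SAMPLE = """\
Resources:
  SiteSource:
    Type: AWS::Serverless::Function
    Properties:
      Layers:
        - arn:aws:lambda:us-east-1:145266761615:layer:s3-deployment:5
        - !GetAtt DeployToS3.Outputs.Arn
"""


def audit_layers(template_text, deploy_account, deploy_region):
    """Return (line, layer, version, reason) for each hard-coded layer ARN
    that depends on something outside the deploying account or region."""
    findings = []
    for lineno, line in enumerate(template_text.splitlines(), 1):
        for _part, region, account, name, version in LAYER_ARN.findall(line):
            if region != deploy_region:
                # A function can only attach layers from its own region.
                findings.append((lineno, name, int(version), "region-mismatch"))
            if account != deploy_account:
                # Another account owns the layer: its resource policy must grant
                # lambda:GetLayerVersion, or deployment fails with AccessDenied.
                findings.append((lineno, name, int(version), "cross-account"))
    return findings


if __name__ == "__main__":
    # Account ID and region taken from the error message quoted in the issue.
    for finding in audit_layers(SAMPLE, "398816301180", "us-east-1"):
        print("line %d: layer %s:%d -> %s" % finding)
```

The `!GetAtt DeployToS3.Outputs.Arn` entry is not flagged because it carries no hard-coded ARN; the layer is resolved from the nested application at deploy time.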
