Skip to content

How to Fix – KMS Access Denied Exception | AWS Lambda

How to fix AWS Lambda KMS Access Denied Exception

Hi, some time ago when I was using the lambda function, I received a “KMS Access Denied Exception” error. This was strange because everything was working fine until I increased the permissions for the IAM Role. You read that right, I gave more permissions and my lambda couldn’t start. I thought, what’s going on? I did some digging and it turned out that Terraform had deleted my IAM role during the update and created it again.

The IAM role had the same name, but my lambda function returned an error:

Calling the invoke API action failed with this message: Lambda was unable to decrypt the environment variables because KMS access was denied. Please check the function's AWS KMS key settings. KMS Exception: UnrecognizedClientExceptionKMS Message: The security token included in the request is invalid

To resolve the error, you must reset the AWS KMS grant for the function’s execution role. It sounds complicated, but all it takes for a moment is to assign a different IAM role. In the lambda function, you can temporarily assign a different IAM role and save your changes, then re-add the IAM role that was there at the beginning and save your changes again. And that’s all.

In my case it helped. If you want to learn more, I have prepared a video tutorial in which I describe everything step by step and give 3 ways to fix this error.

KMS Access Denied Exception – How to fix AWS Lambda

If you found this article interesting, you may also be interested in other articles from the AWS category.

By the way, if you think the article is helpful, you can share this information with others, I will be very happy. You can also check out my YouTube channel for other tips. New movie coming soon.

A Comparison of Security Groups and Network Access Control Lists in AWS
How to read and write a file on S3 using lambda function and boto3

Leave a Reply

Your email address will not be published. Required fields are marked *