Invoking a lamda from a graphcool function throws AccessDeniedException



Im currently trying to invoke a custom lambda I created with serverless through a graphcool function. When testing locally, it runs fine, but when using the cloud service I get the following error:

"AccessDeniedException", "message": "User: arn:aws:sts:XXXXXXX:assumed-role/StackSet-SecondComingOfLambda-LambdaExecutionRole-XXXXXXX/XXXXX-myFunctionName is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-east-1:XXXXXX:function:my-serverless-function", "requestId": "6abf75fa-596c-4a63-a326-cd71b79c2c5a", "time": "2019-04-11T04:06:47.281Z"

I’m invoking the lambda from within the graphcool function using the aws-sdk. The code for that is

          Payload: JSON.stringify(requestBody),
        (err, data: LambdaResponse) => {
          if (err) return reject(err);
          return resolve(data);


A quick google found that I need to set IAM permissions for both lambdas. For serverless, I can add that in the serverless.yml file. It looks like this:

    - Effect: Allow
        - lambda:InvokeFunction
        - '*'

Is there a way to set permissions on the graphcool function as well?
Any help would be greatly appreciated!


This topic was automatically closed 45 days after the last reply. New replies are no longer allowed.