Invoking a lambda from a graphcool function throws AccessDeniedException

graphcool-cloud

I’m currently trying to invoke a custom lambda I created with serverless through a graphcool function. When testing locally, it runs fine, but when using the cloud service I get the following error:

"AccessDeniedException", "message": "User: arn:aws:sts:XXXXXXX:assumed-role/StackSet-SecondComingOfLambda-LambdaExecutionRole-XXXXXXX/XXXXX-myFunctionName is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-east-1:XXXXXX:function:my-serverless-function", "requestId": "6abf75fa-596c-4a63-a326-cd71b79c2c5a", "time": "2019-04-11T04:06:47.281Z"

I’m invoking the lambda from within the graphcool function using the aws-sdk. The code for that is

      lambda.invoke(
        {
          FunctionName:
            'arn:aws:lambda:us-east-1:XXXXXXXXX:function:my-serverless-function',
          Payload: JSON.stringify(requestBody),
        },
        (err, data: LambdaResponse) => {
          if (err) return reject(err);
          return resolve(data);
        },
      );

A quick Google found that I need to set IAM permissions for both lambdas. For serverless, I can add that in the serverless.yml file. It looks like this:

      iamRoleStatements:
          - Effect: Allow
            Action:
              - lambda:InvokeFunction
            Resource:
              - '*'

Is there a way to set permissions on the graphcool function as well?
Any help would be greatly appreciated!