Just want to ask if this is a known issue on Terraform v0.11. I'm trying to mount EFS to Lambda; however, it seems to be blocked at the part that queries the EFS access point.

    data.aws_efs_access_point.pogi: data.aws_efs_access_point.pogi: Error reading EFS access point : AccessDeniedException:
        status code: 403, request id: 123k23s-1434-4421-as4ds-asd021390asdjj

My tf code below:

    data "aws_efs_access_point" "pogi" {
      access_point_id = "fsap-p0gigwap0h"
    }

    resource "aws_lambda_function" "pogi_function" {
      function_name = "pogi-na-gwapo-pa"
      ...
      file_system_config {
        arn              = "${data.aws_efs_access_point.pogi.arn}"
        local_mount_path = "/mnt/pogi-mo"
      }
    }

NOTE: My tf code above works when the data source part is commented out and the arn value is hard-coded.

I'm using this IAM Role to deploy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt143441432",
          "Action": [
            "lambda:AddPermission",
            "lambda:GetFunction",
            "lambda:ListAliases",
            "lambda:TagResource",
            "lambda:UntagResource",
            "lambda:UpdateFunctionConfiguration"
          ],
          "Effect": "Allow",
          "Resource": "arn:aws:lambda:us-east-1:1234567898765:function:pogi-*"
        },
        {
          "Sid": "Stmt143441432",
          "Action": [
            "elasticfilesystem:Describe*",
            "elasticfilesystem:List*"
          ],
          "Effect": "Allow",
          "Resource": "arn:aws:elasticfilesystem:us-east-1:1234567898765:file-system/*"
        }
      ]
    }
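
Added example (not part of the original post): a simplified evaluator that checks the posted EFS statement's Action/Resource patterns against `elasticfilesystem:DescribeAccessPoints` on the access point's ARN. It assumes the data source's lookup is authorized against the access-point ARN; the `WITH_ACCESS_POINT` variant and all function names are hypothetical.

```python
import re

# Values taken from the post; the access-point ARN layout is the standard EFS one.
PREFIX = "arn:aws:elasticfilesystem:us-east-1:1234567898765"
ACCESS_POINT_ARN = PREFIX + ":access-point/fsap-p0gigwap0h"

# The EFS statement of the deploy role, as posted.
POSTED = [{
    "Effect": "Allow",
    "Action": ["elasticfilesystem:Describe*", "elasticfilesystem:List*"],
    "Resource": PREFIX + ":file-system/*",
}]

# Hypothetical variant: same actions, with an access-point pattern added.
WITH_ACCESS_POINT = [dict(POSTED[0], Resource=[PREFIX + ":file-system/*",
                                               PREFIX + ":access-point/*"])]


def _match(pattern, value, ignore_case=False):
    """IAM wildcard match: '*' is any run of characters, '?' is exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None


def _as_list(v):
    return v if isinstance(v, list) else [v]


def evaluate(statements, action, resource):
    """Simplified identity-policy evaluation: explicit Deny wins, then Allow,
    otherwise implicit deny. Conditions, NotAction/NotResource, SCPs and
    permission boundaries are out of scope."""
    decision = "implicit-deny"
    for st in statements:
        hit = (any(_match(a, action, ignore_case=True) for a in _as_list(st["Action"]))
               and any(_match(r, resource) for r in _as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return "explicit-deny"
        if hit and st["Effect"] == "Allow":
            decision = "allow"
    return decision


if __name__ == "__main__":
    call = "elasticfilesystem:DescribeAccessPoints"
    print("posted policy     :", evaluate(POSTED, call, ACCESS_POINT_ARN))
    print("with access-point :", evaluate(WITH_ACCESS_POINT, call, ACCESS_POINT_ARN))
```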