Skip to main content
Panther Knowledge Base

How to resolve the error "AccessDeniedException" for Panther federated roles when used with PAT


When trying to update a custom schema with Panther Analysis Tool (PAT), I see an error like the following:

Warning: : Unhandled exception: "An error occurred (AccessDeniedException) when calling the Invoke operation: User: arn:aws:sts::***:assumed-role/PantherAnalysisFederatedCDRole/GitHubActions is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-east-1:***:function:panther-logtypes-api because no identity-based policy allows the lambda:InvokeFunction action"


Create an API token for authenticating update requests from PAT. You can find our guide to creating a token here, and examples of using the token with PAT here.

Alternatively, if you'd like to continue using your PantherAnalysisFederatedCDRole, reach out to the Panther Support at to correct the role's permissions.


This can occur if PantherAnalysisFederatedCDRole does not have the correct permissions.