Skip to main content
Panther Knowledge Base

How to resolve the error "AccessDeniedException" for Panther federated roles when used with PAT

Issue

When trying to update a custom schema with Panther Analysis Tool (PAT), I see an error like the following:

Warning: : Unhandled exception: "An error occurred (AccessDeniedException) when calling the Invoke operation: User: arn:aws:sts::***:assumed-role/PantherAnalysisFederatedCDRole/GitHubActions is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-east-1:***:function:panther-logtypes-api because no identity-based policy allows the lambda:InvokeFunction action"
 

Resolution

Create an API token for authenticating update requests from PAT. You can find our guide to creating a token here, and examples of using the token with PAT here.

Alternatively, if you'd like to continue using your PantherAnalysisFederatedCDRole, reach out to the Panther Support at support@panther.com to correct the role's permissions.

Cause

This can occur if PantherAnalysisFederatedCDRole does not have the correct permissions.

 

 

  • Was this article helpful?