Issue

When trying to update a custom schema with Panther Analysis Tool (PAT), I see an error like the following:

Warning: : Unhandled exception: "An error occurred (AccessDeniedException) when calling the Invoke operation: User: arn:aws:sts::***:assumed-role/PantherAnalysisFederatedCDRole/GitHubActions is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-east-1:***:function:panther-logtypes-api because no identity-based policy allows the lambda:InvokeFunction action"
 

Resolution

Create an API token for authenticating update requests from PAT. You can find our guide to creating a token here, and examples of using the token with PAT here.

Alternatively, if you'd like to continue using your PantherAnalysisFederatedCDRole, reach out to the Panther Support at [email protected] to correct the role's permissions.

Cause

This can occur if PantherAnalysisFederatedCDRole does not have the correct permissions.