@shinyaz

Lambda Durable Functions IAM action is CheckpointDurableExecution (singular)

1 min read
#aws#lambda#iam

When deploying Lambda Durable Functions via AWS CLI, I set lambda:CheckpointDurableExecutions (plural) in the IAM policy and got this error:

Output
User: arn:aws:sts::XXXX:assumed-role/lambda-durable-test-role/durable-basic-test
is not authorized to perform: lambda:CheckpointDurableExecution on resource: ...
because no identity-based policy allows the lambda:CheckpointDurableExecution action

The error message itself tells you the correct action name — CheckpointDurableExecution (singular). Fixing the policy to singular resolved it.

Correct policy
{
  "Action": [
    "lambda:CheckpointDurableExecution",
    "lambda:GetDurableExecutionState"
  ]
}

The Getting Started console flow auto-assigns the correct permissions, but when using CLI or IaC, watch the singular/plural on action names.

Share this post

Shinya Tahara

Shinya Tahara

Solutions Architect @ AWS

I'm a Solutions Architect at AWS, providing technical guidance primarily to financial industry customers. I share learnings about cloud architecture and AI/ML on this site.The views and opinions expressed on this site are my own and do not represent the official positions of my employer.

Read more