Thanks for the guide.
I'm running into a problem when I try to deploy my SAM app that suppose to use the CertificateLayer.
"Failed to create changeset for the stack: SamFromS3ToEH, An error occurred (ValidationError) when calling the CreateChangeSet operation: Unable to fetch parameters [XXX] from parameter store for this account."
XXX = I tried to change the parameter to "Certificate"/"CertificateLayer"/the arn of the certificate layer.
If you're having issues with this I would first try bypassing Parameter store and verify that if you use the ARN as a parameter (of type String) that it works correctly.
If that works then I wonder whether there is a permissions problem - does the user/role trying to create the changeset have full access to parameter store or are they limited to particular parameters. The ARNs for Parameter Store keys are a bit confusing because if you have a leading / in the parameter store key it shouldn't be part of the ARN (i.e. it's arn:aws:ssm:us-east-2:123456789012:parameter/Lambda/Layers/Certificate rather than arn:aws:ssm:us-east-2:123456789012:parameter//Lambda/Layers/Certificate.
If it's a permissions problem you might be able to find more information in CloudTrails about the specific permissions problem - and it might not be the parameter itself - if you're using a SecretString rather than String type it could be KMS permissions.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Thanks for the guide.
I'm running into a problem when I try to deploy my SAM app that suppose to use the CertificateLayer.
"Failed to create changeset for the stack: SamFromS3ToEH, An error occurred (ValidationError) when calling the CreateChangeSet operation: Unable to fetch parameters [XXX] from parameter store for this account."
XXX = I tried to change the parameter to "Certificate"/"CertificateLayer"/the arn of the certificate layer.
And I wonder how to fix it.
If you're having issues with this I would first try bypassing Parameter store and verify that if you use the ARN as a parameter (of type String) that it works correctly.
If that works then I wonder whether there is a permissions problem - does the user/role trying to create the changeset have full access to parameter store or are they limited to particular parameters. The ARNs for Parameter Store keys are a bit confusing because if you have a leading
/
in the parameter store key it shouldn't be part of the ARN (i.e. it'sarn:aws:ssm:us-east-2:123456789012:parameter/Lambda/Layers/Certificate
rather thanarn:aws:ssm:us-east-2:123456789012:parameter//Lambda/Layers/Certificate
.If it's a permissions problem you might be able to find more information in CloudTrails about the specific permissions problem - and it might not be the parameter itself - if you're using a SecretString rather than String type it could be KMS permissions.