I have 2 AWS accounts, one personal and a client account.
Personal account: account id: 789XXXXXX
Client account: account id: 123XXXXXX
I'm working on the client and tried to run my Lambda function locally. When I do, I get the following error: AccessDeniedException: User: arn:aws:iam::789XXXXXX:user/amplify-pUDkX is not authorized to perform: secretsmanager:GetSecretValue on resource: postgres-secret because no identity-based policy allows the secretsmanager:GetSecretValue action.
I was a bit confused, as this function had been working previously. Once I looked into the error message, I noticed that the user amplify-pUDkX didn't even exist on the client account and that the AWS account id along with the user actually matched up to my personal account. I've already run amplify configure and it's connected to the client account. I've also been making updates to the resources on the client account through the Amplify CLI, so I know I'm not signed into the wrong account.
Also just to note, when the function gets deployed it's able to function no problem so this is only happening on my local machine.
I'd appreciate any help, thanks.
CodePudding user response:
This is due to saved AWS credentials in C:\Users\username\.aws. You can remove the ones that are not required. Also, while setting up the app using the CLI, you get the option to choose a profile to avoid this issue.
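A local check for the situation in this thread, added here as an example and not part of the original answer: it reads the account id out of the AccessDeniedException ARN and works out which saved credentials a default SDK lookup would pick up. The function names, the sample credentials file and the simplified lookup order (environment variables, then the profile named by AWS_PROFILE, otherwise [default]) are assumptions.

```python
import configparser
import re

# Constructed sample of a shared credentials file (the .aws\credentials file
# the answer refers to). Key values are placeholders, not real keys.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = CONSTRUCTED-PERSONAL-KEY-ID
aws_secret_access_key = constructed-secret-1

[client]
aws_access_key_id = CONSTRUCTED-CLIENT-KEY-ID
aws_secret_access_key = constructed-secret-2
"""

ARN_RE = re.compile(r"arn:aws:(?:iam|sts)::([^:\s]+):(\S+)")

def caller_from_error(message):
    """Return (account_id, principal) from the ARN in an access-denied message."""
    m = ARN_RE.search(message)
    return (m.group(1), m.group(2)) if m else None

def effective_source(env, credentials_text):
    """Name the static credentials a default lookup would use (simplified order)."""
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return "environment variables"
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(credentials_text)
    profile = env.get("AWS_PROFILE") or "default"
    if parser.has_section(profile):
        return f"profile [{profile}] in shared credentials file"
    return "no static credentials found"

def diagnose(message, expected_account, env, credentials_text):
    """Compare the account in the error with the one you meant to use."""
    source = effective_source(env, credentials_text)
    caller = caller_from_error(message)
    if caller is None:
        return f"no ARN in message; local lookup would use {source}"
    account, principal = caller
    verdict = "matches" if account == expected_account else "does NOT match"
    return (f"{principal} in account {account} {verdict} expected account "
            f"{expected_account}; local lookup would use {source}")

if __name__ == "__main__":
    msg = ("AccessDeniedException: User: arn:aws:iam::789XXXXXX:user/amplify-pUDkX "
           "is not authorized to perform: secretsmanager:GetSecretValue")
    print(diagnose(msg, "123XXXXXX", {}, SAMPLE_CREDENTIALS))
```

With no AWS_PROFILE set, the constructed input resolves to the [default] profile, which is how a leftover personal key ends up signing requests for a client project.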