Your local AWS development environment is not completely set up.
Check that you have configured AWS Credentials (e.g.
- The AWS Toolkits for Visual Studio or Visual Studio will help you set these up
Check that you have a default AWS Region specified in your environment
$env:AWS_REGION = "east-us-1" or
Not authorized to perform:
The user profile used in your AWS credentials is missing an IAM policy.
The default RavenDB Lambda template requires the following policies:
If you have multiple AWS profiles, you can change the AWS profile used
by setting the
$env:AWS_PROFILE environment variable.
Learn more about configuring IAM user policies.
SecretsManagerReadWrite for accessing AWS Secrets Manager configuration to load a client certificate
To deploy your AWS Lambda functions, it's recommended to set up a dedicated deployment IAM user.
This user will need the following policies set:
AWSLambda_FullAccess for local deployment
IAMFullAccess for local deployment and
IAMReadOnlyAccess for hosted deployment
Environment Variables Exceed AWS Limits
AWS limits the size of individual environment variables to 4KB and 5KB overall.
This does not leave much room for using public/private keypair values to pass to your Lambda function.
The template is built to support loading the PEM-encoded public key from the
file system (
.crt file), to be deployed alongside your app through the
RavenSettings:CertPublicKeyFilePath app setting.
The private key can be provided in plain-text through the
app setting, which using the .NET conventions is the
The private key should be around 3.1KB, which is under the 4KB limit,
but you may still exceed the 5KB limit overall when combined with your
other environment variables.
If this is the case, we recommend using the AWS Secrets Manager
for storing your certificate instead since this will not be subject to the same
limitations (and it is more secure and robust for production-scale usage).