EC2 permissions for VPC not set on first deploy

Fresh, about 7 years ago
Mar 14, 2026, 0 views
Confidence Score: 75%

Problem

Hi Guys, I have multiple serverless projects up and running, but today I wanted to set up a new one, and I can't figure it out. My project is inside a VPC, and I have a permission error on the "AWS::Lambda::Function" role:

> Your access has been denied by EC2, please make sure your function execution role have permission to CreateNetworkInterface. EC2 Error Code: UnauthorizedOperation. EC2 Error Message: You are not authorized to perform this operation.

But my serverless.yml is set up the same way as my working projects:

[code block]

As you can see, I clearly set the iamRoleStatements for EC2. Moreover, I read this in the documentation:

> Further, if you have specified VPC security groups and subnets for your lambdas to use then the EC2 rights necessary to attach to the VPC via an ENI will be added into the default IAM policy.

But when the role is created, the inline policy attached is the following:

[code block]

No rights about EC2 are added... Does anyone have an idea? Many thanks

Error Output

error on the "AWS::Lambda::Function" role:

1 Fix

Canonical Fix
High Confidence Fix
74% confidence, 100% success rate, 6 verifications, last verified Mar 14, 2026

Solution: EC2 permissions for VPC not set on first deploy

Low Risk

I figured it out finally... You must do a first deploy of your service WITH the EC2 iamRoleStatements but WITHOUT the VPC key. Once the deploy has ended, then you can add the VPC info to your serverless.yml and make a new deploy...

Is it possible to get a fix for it?

Validation

Resolved in serverless/serverless GitHub issue #2780. Community reactions: 22 upvotes.
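
A pre-flight check for the two-step workaround in the fix above, as an added example that is not code from the original thread or the Serverless project: before adding the VPC key, confirm that the deployed role's inline policy actually grants the ENI actions. Only `CreateNetworkInterface` is named on this page; the other two actions, the function name `missing_eni_actions` and both sample policies are assumptions constructed for illustration.

```python
import fnmatch
import json

# ENI actions a Lambda execution role needs to attach to a VPC. Only
# CreateNetworkInterface is named on the page; the other two are assumed.
REQUIRED_ENI_ACTIONS = (
    "ec2:CreateNetworkInterface",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DeleteNetworkInterface",
)

# Constructed sample: a role whose inline policy carries only CloudWatch Logs rights.
LOGS_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*",
                   "Action": ["logs:CreateLogStream", "logs:PutLogEvents"]}],
}
# Constructed sample: the same policy after the EC2 statement has been deployed.
WITH_ENI_POLICY = {
    "Version": "2012-10-17",
    "Statement": LOGS_ONLY_POLICY["Statement"] + [
        {"Effect": "Allow", "Resource": "*", "Action": list(REQUIRED_ENI_ACTIONS)}],
}

def _as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_eni_actions(policy):
    """Return the required ENI actions that the policy document does not grant."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    allowed, denied = [], []
    for stmt in _as_list(doc.get("Statement")):
        actions = _as_list(stmt.get("Action"))  # NotAction and Condition are ignored
        if stmt.get("Effect") == "Deny":
            denied.extend(actions)  # any explicit Deny is treated as blocking
        elif stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource")):
            allowed.extend(actions)  # simplification: only Resource "*" counts
    return [a for a in REQUIRED_ENI_ACTIONS
            if _matches(a, denied) or not _matches(a, allowed)]

if __name__ == "__main__":
    for name, doc in (("logs only", LOGS_ONLY_POLICY), ("with EC2", WITH_ENI_POLICY)):
        print(name, "-> missing:", missing_eni_actions(doc) or "none")
```

Feed it the `PolicyDocument` returned by `aws iam get-role-policy` for the function's execution role; an empty result means the role is ready for the deploy that adds the VPC settings.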

Verification Summary

Worked: 6
Partial: 2
Last verified Mar 14, 2026

Environment

Submitted by

Alex Chen

2450 rep

Tags

serverless, lambda, aws, bug, help-wanted