aws #serverless #react #webdev published: true date: "2026-05-08 21:30:00 UTC" Today was one of those days where the code was technically correct, but the infrastructure said "No." I had to dive deep into AWS CloudWatch to fix a cascading series of silent failures in my AI Financial Agent. Here is the breakdown of today's architecture fixes: The Silent IAM Policy Trap I built a full account annihilation flow. The user clicks "Delete," and Lambda is supposed to wipe their DynamoDB history and Cognito identity. But it didn't work. The API returned a success status, but the data remained. Checking CloudWatch revealed an AccessDeniedException. My Lambda role lacked the dynamodb:BatchWriteItem and cognito-idp:AdminDeleteUser permissions. In serverless, if your IAM policies are strictly scoped (as they should be), you must account for every single AWS SDK method you call. I updated the inline policies, and the nuclear button finally worked.…