The role defined for the function cannot be assumed by Lambda

后端 未结 11 1269
野性不改
野性不改 2021-02-04 23:29

I\'m getting the error \"The role defined for the function cannot be assumed by Lambda\" when I\'m trying to create a lambda function with create-function command.

相关标签:
11条回答
  • 2021-02-04 23:56

    It could be that the Lambda is missing an execution role. Or this role has been deleted.

    In console you can see the status at Lambda > Functions > YourFunction > Permissions. Even an IAM empty role with no policies is enough to make it work.

    0 讨论(0)
  • 2021-02-04 23:57

    Most people end up in this error because of giving the wrong Role ARN in CloudFormation while creating the Lambda Function.

    Make sure the role is completed first by using "DependsOn" and use the intrinsic function """{ "Fn::GetAtt" : [ "your-role-logical-name", "Arn" ] }"""

    0 讨论(0)
  • 2021-02-05 00:02

    For me, the issue was that I had set the wrong default region environment key.

    0 讨论(0)
  • 2021-02-05 00:04

    I'm also encountering this error. Have not got a definitive answer (yet) but figured I'd pass along a couple of hints that may help you and/or anyone else hitting this problem.

    A) If you build the Role ARN by putting together your account ID and role name, I think the account ID needs to be without any dashes

    B) If you just created the role, and possibly added policies to it, there seems to be a (small) window of time in which the role will trigger this error. Sleeping 5 or 6 seconds between the last operation on the role and the create-function call allowed me to bypass the issue (but of course, the timing may be variable so this is at best a work-around).

    0 讨论(0)
  • 2021-02-05 00:06

    I got the error "The role defined for the function cannot be assumed by Lambda" because i had not updated the roles "Trust Relationship" config file. I didn't encounter the timeout issues as in the linked answer in the comments.

    The comments in the above answers pointed out that you need to add the following.

    1. Go to 'IAM > Roles > YourRoleName'
      • (Note: if your role isn't listed, then you need to create it.)
    2. Select the 'Trust Relationships' tab
    3. Select 'Edit Trust Relationship'

    Mine ended up like the below.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          <your other rules>
        },
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "lambda.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
    
    0 讨论(0)
  • 2021-02-05 00:09

    I got this problem while testing lambda function.

    What worked for me was formatting JSON.

    0 讨论(0)
提交回复
热议问题