The role defined for the function cannot be assumed by Lambda

野性不改 2021-02-04 23:29

I'm getting the error "The role defined for the function cannot be assumed by Lambda" when I'm trying to create a lambda function with create-function command.

11 Answers
  • 2021-02-05 00:10

    For me, the issue was that I had an incomplete name for the role. I set

    --role arn:aws:iam::000000000000:role/MyRoleName
    

    when it should have been

    --role arn:aws:iam::000000000000:role/service-role/MyRoleName
    

    (of course my aws id isn't actually 000000000000)

    I discovered this by running

    aws iam get-role --role-name MyRoleName
    

    and looking at the "Arn" property in the result set.

  • 2021-02-05 00:11

    Had the same issue although my IAM role did have the right policy and trust relationship. Lambda creation worked fine when done through the CLI; the problem was when using the lambda module just after creating the IAM role.

    I also tried to "pause" for a few seconds but it didn't help.

    Ended up adding retry and delay until registerdLambda.code was defined. Usually it works after 1-2 tries.

    example:

     - name: creating lambda function
       lambda:
         state: present
         name: "{{ lambdaName }}"
         zip_file: "{{ lambdaZipFile }}"
         runtime: "{{ lambdaRuntime }}"
         role: "{{ lambdaRole }}"
         description: "{{ lambdaDescription }}"
         handler: "{{ lambdaHandler }}"
       register: lambdaFunc
       # Retry while the newly created IAM role propagates
       retries: 3
       delay: 10
       until: lambdaFunc.code is defined
    
  • 2021-02-05 00:18

    I was running into this error with Terraform and needed to add an assume role policy and apply it to the role that Lambda assumes.

    data "aws_iam_policy_document" "lambda_assume_role_policy" {
    
      statement {
        actions = ["sts:AssumeRole"]
    
        principals {
          type        = "Service"
          identifiers = [
            "lambda.amazonaws.com"
          ]
        }
      }
    }
    
    resource "aws_iam_role" "lambda_rotation_role" {
      name               = "lambda-rotation-role"
      assume_role_policy = "${data.aws_iam_policy_document.lambda_assume_role_policy.json}"
    }
    
  • 2021-02-05 00:20

    I am just learning to use the AWS CLI and ran into this issue.

    I am using a series of PowerShell scripts to deploy an entire AWS architecture. My createRole.ps1 script contains:

    aws iam create-role `
    --role-name $roleName `
    --assume-role-policy-document file://myRoleTrustPolicy.json
    

    The file myRoleTrustPolicy.json contains:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "elasticmapreduce.amazonaws.com",
              "datapipeline.amazonaws.com",
              "lambda.amazonaws.com"
            ]
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
    

    It is the "lambda.amazonaws.com" line that was missing from the Service list that was causing the issue.

    Once I fixed that, the invocation of aws lambda create-function worked great.

    aws lambda create-function `
    --function-name $fn `
    --runtime java8 `
    --role $currentRoleARN `
    --handler "handleRequest" `
    --memory-size 128 `
    --zip-file $jarFile 
    
  • 2021-02-05 00:21

    I had this error simply because I had a typo in the role ARN. I really wish the error was more explicit and said something along the lines of "this role doesn't exist", but alas.

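The answers above name two static causes: a `--role` value that is not the role's real ARN (missing `service-role/` path or a typo), and a trust policy that does not list `lambda.amazonaws.com`. The following pre-flight check covers both; it is an added example, not code from any of the posts. The function names and the sample `aws iam get-role` output are constructed for illustration.

```python
import json

LAMBDA_PRINCIPAL = "lambda.amazonaws.com"

def as_list(value):
    """IAM policy JSON allows a bare string wherever a list is accepted."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_lambda_role(get_role_json, role_arn_passed):
    """Return the problems that would stop Lambda from assuming the role.

    get_role_json: text printed by `aws iam get-role --role-name <name>`
    role_arn_passed: the value given to `aws lambda create-function --role`
    """
    role = json.loads(get_role_json)["Role"]
    problems = []
    # The ARN must match exactly, including a path such as service-role/.
    if role["Arn"] != role_arn_passed:
        problems.append(f"ARN mismatch: passed {role_arn_passed}, actual {role['Arn']}")
    # The trust policy must let the Lambda service call sts:AssumeRole.
    # Exact-match check only: wildcards and Condition blocks are not evaluated.
    trusted = False
    for stmt in as_list(role["AssumeRolePolicyDocument"].get("Statement")):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow" and LAMBDA_PRINCIPAL in services
                and "sts:AssumeRole" in as_list(stmt.get("Action"))):
            trusted = True
    if not trusted:
        problems.append(f"trust policy does not allow {LAMBDA_PRINCIPAL} to sts:AssumeRole")
    return problems

# Constructed sample of `aws iam get-role` output: a role under the service-role/
# path whose trust policy does not yet include "lambda.amazonaws.com".
SAMPLE = json.dumps({"Role": {
    "RoleName": "MyRoleName",
    "Path": "/service-role/",
    "Arn": "arn:aws:iam::000000000000:role/service-role/MyRoleName",
    "AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": ["elasticmapreduce.amazonaws.com",
                                      "datapipeline.amazonaws.com"]},
            "Action": "sts:AssumeRole"}]}}})

if __name__ == "__main__":
    for problem in check_lambda_role(SAMPLE, "arn:aws:iam::000000000000:role/MyRoleName"):
        print("FAIL:", problem)
```

An empty result rules out only these two causes; a role created seconds earlier can still fail until IAM has propagated it, which is what the retry in the Ansible answer works around.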