AWS CLI: Role defined for function cannot be accepted by Lambda

AWS CLI version:

    aws --version
    aws-cli/1.11.21 Python/2.7.12 Darwin/15.3.0 botocore/1.4.78

Trying to create a Lambda function, I get an error:

 An error occurred (InvalidParameterValueException) when calling the CreateFunction operation: The role defined for the function cannot be assumed by Lambda. 

The role was created as:

    aws iam create-role --role-name microrole --assume-role-policy-document file://./trust.json

trust.json:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "lambda.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }

Policy has been added as:

    aws iam put-role-policy --policy-document file://./policy.json --role-name microrole --policy-name micropolicy

policy.json:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
          ],
          "Resource": "arn:aws:logs:*:*:*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "apigateway:*"
          ],
          "Resource": "arn:aws:apigateway:*::/*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "execute-api:Invoke"
          ],
          "Resource": "arn:aws:execute-api:*:*:*"
        }
      ]
    }

A wait of a few minutes was expected, as mentioned in [1] and [2], but the error still does not go away. The policy and trust associated with the role are similar to the default role created when the Lambda function was created using the console.

Full steps are listed at https://github.com/arun-gupta/serverless/tree/master/aws/microservice.

What is missing?

1 answer

The lambda function was created as:

    aws lambda create-function \
      --function-name MicroserviceGetAll \
      --role arn:aws:iam::<act-id>:role/service-role/microRole \
      --handler org.sample.serverless.aws.couchbase.BucketGetAll \
      --zip-file fileb:///Users/arungupta/workspaces/serverless/aws/microservice/microservice-http-endpoint/target/microservice-http-endpoint-1.0-SNAPSHOT.jar \
      --description "Microservice HTTP Endpoint - Get All" \
      --runtime java8 \
      --region us-west-1 \
      --timeout 30 \
      --memory-size 1024 \
      --environment Variables={COUCHBASE_HOST=ec2-35-165-83-82.us-west-2.compute.amazonaws.com} \
      --publish

The correct command is:

    aws lambda create-function \
      --function-name MicroserviceGetAll \
      --role arn:aws:iam::<act-id>:role/microRole \
      --handler org.sample.serverless.aws.couchbase.BucketGetAll \
      --zip-file fileb:///Users/arungupta/workspaces/serverless/aws/microservice/microservice-http-endpoint/target/microservice-http-endpoint-1.0-SNAPSHOT.jar \
      --description "Microservice HTTP Endpoint - Get All" \
      --runtime java8 \
      --region us-west-1 \
      --timeout 30 \
      --memory-size 1024 \
      --environment Variables={COUCHBASE_HOST=ec2-35-165-83-82.us-west-2.compute.amazonaws.com} \
      --publish

The difference is that the role was incorrectly specified as role/service-role/microRole instead of role/microRole.

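A pre-flight check for the ARN mismatch the answer describes, as an added example that is not part of the original post: it looks the role up by name with `aws iam get-role` and compares the ARN IAM reports with the one about to be passed to `--role`. The function names and the account id 123456789012 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare the role ARN you are
# about to pass to `aws lambda create-function --role` with the ARN IAM reports.

# Print the role name: the last "/"-separated segment of the ARN.
role_name_from_arn() {
    printf '%s\n' "${1##*/}"
}

# Print the IAM path embedded in the ARN ("/" when the role has no path).
role_path_from_arn() {
    rest=${1#*:role/}     # "service-role/microRole" or "microRole"
    case $rest in
        */*) printf '/%s/\n' "${rest%/*}" ;;
        *)   printf '/\n' ;;
    esac
}

# Compare the ARN passed to Lambda ($1) with the ARN IAM reports ($2).
# Prints a verdict and returns 0 only when the two are identical.
compare_role_arn() {
    if [ "$1" = "$2" ]; then
        echo "match"
        return 0
    fi
    if [ "$(role_name_from_arn "$1")" = "$(role_name_from_arn "$2")" ] &&
       [ "$(role_path_from_arn "$1")" != "$(role_path_from_arn "$2")" ]; then
        echo "path-mismatch passed=$(role_path_from_arn "$1") actual=$(role_path_from_arn "$2")"
    else
        echo "arn-mismatch passed=$1 actual=$2"
    fi
    return 1
}

# Look the role up by name and compare. Requires the AWS CLI and credentials
# allowed to call iam:GetRole; returns 2 if the lookup itself fails.
check_lambda_role() {
    name=$(role_name_from_arn "$1")
    actual=$(aws iam get-role --role-name "$name" \
        --query 'Role.Arn' --output text) || return 2
    compare_role_arn "$1" "$actual"
}

# Usage (constructed account id):
#   check_lambda_role arn:aws:iam::123456789012:role/service-role/microRole
```

A `path-mismatch` verdict with `passed=/service-role/ actual=/` is the situation in the answer: the ARN carried a path that the role created with `aws iam create-role` does not have.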

Source: https://habr.com/ru/post/1261971/

