AWS CLI version:
aws --version
aws-cli/1.11.21 Python/2.7.12 Darwin/15.3.0 botocore/1.4.78
Trying to create a Lambda function and getting the error:
An error occurred (InvalidParameterValueException) when calling the CreateFunction operation: The role defined for the function cannot be assumed by Lambda.
Role was created as:
aws iam create-role --role-name microrole --assume-role-policy-document file://./trust.json
trust.json
is:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Policy was attached as:
aws iam put-role-policy --policy-document file://./policy.json --role-name microrole --policy-name micropolicy
policy.json
is:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"apigateway:*"
],
"Resource": "arn:aws:apigateway:*::/*"
},
{
"Effect": "Allow",
"Action": [
"execute-api:Invoke"
],
"Resource": "arn:aws:execute-api:*:*:*"
}
]
}
Waited for multiple minutes as mentioned at [1] and [2] but still the error is not going away. The policy and trust attached to the role is similar to the default role created when Lambda Function is created using Console.
Complete steps are listed at https://github.com/arun-gupta/serverless/tree/master/aws/microservice.
What's missing?
The Lambda function was created as:
The correct command is:
The difference is that the role was incorrectly specified as
role/service-role/microRole
instead ofrole/microRole
.