-
-
Save sdomagala/a647a69f0dd87af545d7c45dfc7b0114 to your computer and use it in GitHub Desktop.
## all other serverless.yml configuration | |
functions: | |
# your functions | |
provider: | |
name: aws | |
# your provider config | |
resources: | |
Resources: | |
IamRoleLambdaExecution: # has to be this exact name, https://serverless.com/framework/docs/providers/aws/guide/resources/ | |
Type: AWS::IAM::Role | |
Properties: | |
AssumeRolePolicyDocument: # OVERWRITE assume role policy, rest is populated by serverless | |
Version: "2012-10-17" | |
Statement: | |
- Effect: Allow | |
Principal: | |
Service: | |
- lambda.amazonaws.com | |
AWS: | |
- arn:aws:iam::123456789:root | |
- arn:aws:iam::012345678:root | |
Action: sts:AssumeRole |
Much appreciated, solved some of my headaches with building a pipeline spanning multiple services.
Thanks a lot!
Anyone else getting "The role defined for the function cannot be assumed by Lambda" when using this template?
Hi there,
I am facing this error too. Did you find a solution?
Anyone else getting "The role defined for the function cannot be assumed by Lambda" when using this template?
So sorry to bother you.
For future readers. This worked for me. I took a 30 mins nap and it worked. SERIOUSLY.
Reference:
https://stackoverflow.com/a/37438525/5753035
Can someone explain this section of the above example?
AWS:
- arn:aws:iam::123456789:root
- arn:aws:iam::012345678:root
@ezmiller it means that those AWS accounts can assume roles, but it's not something required - this whole block of AssumeRolePolicyDocument
is just an example of how you can overwrite trust policy, so change it to whatever you need. Here is the CloudFormation reference
Is this approach necessary if one is trying to set roles for a resource other than lambda that is created in custom resources? I'm trying to link an Eventbridge rule to other targets and running into what I think are permissions errors, but I have been unable to explicitly set the resource policies. See question here: https://forum.serverless.com/t/permissions-for-custom-resource-directing-eventbridge-events-to-targets/17241
bardzo dziękuję kolego!
Anyone else getting "The role defined for the function cannot be assumed by Lambda" when using this template?