No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

You may be missing the `assumeRolePolicy` property on the role itself. When you create the Role does it have something like this?
```return new aws.iam.Role( 'sqs-to-ddb-role', {
		assumeRolePolicy: {
			Version: '2012-10-17',
			Statement: [
				{
					Effect: 'Allow',
					Principal: {
						Service: '<http://lambda.amazonaws.com|lambda.amazonaws.com>',
					},
					Action: 'sts:AssumeRole',
				},
			],
		},```
Without giving lambda the ability to use sts, it cannot get tokens vended to call the Queue so though the Policy has all the requisite permissions, the role itself is trying to make the call without access keys, essentially.

yup, I have that too :disappointed:

```		// Create the IAM policy for the function.
		roleArgs := &amp;iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(`{
				"Version": "2012-10-17",
				"Statement": [
				{
					"Action": "sts:AssumeRole",
					"Principal": {
						"Service": "<http://lambda.amazonaws.com|lambda.amazonaws.com>"
					},
					"Effect": "Allow",
					"Sid": ""
				}
				]
			}`),
			Description: pulumi.String("Role for the Payment Service of the ACME Serverless Fitness Shop"),
			Tags:        pulumi.Map(tagMap),
		}```


Thanks for the suggestion, though :slightly_smiling_face:

Okay! I found the error and if y’all need me I’ll be in a very dark corner crying… The error makes total sense, it was my fault that I wanted to read from the response queue and not the request queue :flushed:

Why did you delete the original question? :thinking_face: