green-morning-1318

03/07/2020, 10:21 PM
… (message deleted)

swift-painter-31084

03/07/2020, 11:12 PM
You may be missing the `assumeRolePolicy` property on the role itself. When you create the Role does it have something like this?
```typescript
return new aws.iam.Role( 'sqs-to-ddb-role', {
	// Trust policy: lets the Lambda service assume this role via STS.
	assumeRolePolicy: {
		Version: '2012-10-17',
		Statement: [
			{
				Effect: 'Allow',
				Principal: {
					Service: 'lambda.amazonaws.com',
				},
				Action: 'sts:AssumeRole',
			},
		],
	},
} );
```
Without giving lambda the ability to use sts, it cannot get tokens vended to call the Queue so though the Policy has all the requisite permissions, the role itself is trying to make the call without access keys, essentially.

green-morning-1318

03/08/2020, 12:11 AM
yup, I have that too 😞
```go
// Create the IAM policy for the function.
roleArgs := &iam.RoleArgs{
	AssumeRolePolicy: pulumi.String(`{
		"Version": "2012-10-17",
		"Statement": [
		{
			"Action": "sts:AssumeRole",
			"Principal": {
				"Service": "lambda.amazonaws.com"
			},
			"Effect": "Allow",
			"Sid": ""
		}
		]
	}`),
	Description: pulumi.String("Role for the Payment Service of the ACME Serverless Fitness Shop"),
	Tags:        pulumi.Map(tagMap),
}
```
Thanks for the suggestion, though 🙂
Okay! I found the error and if y’all need me I’ll be in a very dark corner crying… The error makes total sense, it was my fault that I wanted to read from the response queue and not the request queue 😳

worried-raincoat-8829

03/08/2020, 10:28 AM
Why did you delete the original question? 🤔
🤦 1