green-morning-1318
03/07/2020, 10:21 PM
swift-painter-31084
03/07/2020, 11:12 PM
assumeRolePolicy property on the role itself. When you create the Role does it have something like this?
    return new aws.iam.Role('sqs-to-ddb-role', {
      // Trust policy: allows the Lambda service to assume this role via STS.
      assumeRolePolicy: {
        Version: '2012-10-17',
        Statement: [
          {
            Effect: 'Allow',
            Principal: {
              Service: 'lambda.amazonaws.com',
            },
            Action: 'sts:AssumeRole',
          },
        ],
      },
    });
Without giving lambda the ability to use sts, it cannot get tokens vended to call the Queue so though the Policy has all the requisite permissions, the role itself is trying to make the call without access keys, essentially.
green-morning-1318
03/08/2020, 12:11 AM
    // Create the IAM policy for the function.
    roleArgs := &iam.RoleArgs{
        AssumeRolePolicy: pulumi.String(`{
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "sts:AssumeRole",
                    "Principal": {
                        "Service": "lambda.amazonaws.com"
                    },
                    "Effect": "Allow",
                    "Sid": ""
                }
            ]
        }`),
        Description: pulumi.String("Role for the Payment Service of the ACME Serverless Fitness Shop"),
        Tags:        pulumi.Map(tagMap),
    }
worried-raincoat-8829
03/08/2020, 10:28 AM