… (message deleted)
# general
g
… (message deleted)
s
You may be missing the
assumeRolePolicy
property on the role itself. When you create the Role does it have something like this?
Copy code
return new aws.iam.Role( 'sqs-to-ddb-role', {
		assumeRolePolicy: {
			Version: '2012-10-17',
			Statement: [
				{
					Effect: 'Allow',
					Principal: {
						Service: '<http://lambda.amazonaws.com|lambda.amazonaws.com>',
					},
					Action: 'sts:AssumeRole',
				},
			],
		},
Without giving lambda the ability to use sts, it cannot get tokens vended to call the Queue so though the Policy has all the requisite permissions, the role itself is trying to make the call without access keys, essentially.
g
yup, I have that too 😞
Copy code
// Create the IAM policy for the function.
		roleArgs := &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(`{
				"Version": "2012-10-17",
				"Statement": [
				{
					"Action": "sts:AssumeRole",
					"Principal": {
						"Service": "<http://lambda.amazonaws.com|lambda.amazonaws.com>"
					},
					"Effect": "Allow",
					"Sid": ""
				}
				]
			}`),
			Description: pulumi.String("Role for the Payment Service of the ACME Serverless Fitness Shop"),
			Tags:        pulumi.Map(tagMap),
		}
Thanks for the suggestion, though 🙂
Okay! I found the error and if y’all need me I’ll be in a very dark corner crying… The error makes total sense, it was my fault that I wanted to read from the response queue and not the request queue 😳
w
Why did you delete the original question? 🤔
🤦 1