https://pulumi.com
Join Slack
This message was deleted.
# general
s
This message was deleted.
s
You may be missing the 
assumeRolePolicy
property on the role itself. When you create the Role does it have something like this?
Copy code
return new aws.iam.Role( 'sqs-to-ddb-role', {
		assumeRolePolicy: {
			Version: '2012-10-17',
			Statement: [
				{
					Effect: 'Allow',
					Principal: {
						Service: '<http://lambda.amazonaws.com|lambda.amazonaws.com>',
					},
					Action: 'sts:AssumeRole',
				},
			],
		},
Without giving lambda the ability to use sts, it cannot get tokens vended to call the Queue so though the Policy has all the requisite permissions, the role itself is trying to make the call without access keys, essentially.
g
yup, I have that too 😞
Copy code
// Create the IAM policy for the function.
		roleArgs := &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(`{
				"Version": "2012-10-17",
				"Statement": [
				{
					"Action": "sts:AssumeRole",
					"Principal": {
						"Service": "<http://lambda.amazonaws.com|lambda.amazonaws.com>"
					},
					"Effect": "Allow",
					"Sid": ""
				}
				]
			}`),
			Description: pulumi.String("Role for the Payment Service of the ACME Serverless Fitness Shop"),
			Tags:        pulumi.Map(tagMap),
		}
Thanks for the suggestion, though 🙂
Okay! I found the error and if y’all need me I’ll be in a very dark corner crying… The error makes total sense, it was my fault that I wanted to read from the response queue and not the request queue 😳
w
Why did you delete the original question? 🤔
🤦 1
Open in Slack
PreviousNext
Powered by

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Powered by