proud-spoon-58287
05/17/2021, 10:45 AM
aws:lambda:Function (data-feed-property-data-fetcher):
error: 1 error occurred:
* error creating Lambda Function (1): InvalidParameterValueException: The provided execution role does not have permissions to call SendMessage on SQS
{
  RespMetadata: {
    StatusCode: 400,
    RequestID: "1ca54399-576d-40bc-829a-c2c31790fd72"
  },
  Message_: "The provided execution role does not have permissions to call SendMessage on SQS",
  Type: "User"
}
as per AWS docs, I have attached the following policy:
arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole
but I got the same error.
I am using the latest version of pulumi and aws in node.

console.log(' - creating global IAM Role for data feed Lambda functions')
const lambdaRole = new aws.iam.Role('iamr-data-feed-lambda', {
  assumeRolePolicy: `{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Principal": {
          "Service": "lambda.amazonaws.com"
        },
        "Effect": "Allow"
      }
    ]
  }`
})

console.log(' - attaching AWSLambda_FullAccess managed policy to Lambda role')
// eslint-disable-next-line no-new
new aws.iam.RolePolicyAttachment('iamrpa-data-feed-lambda-role-lambda-access-policy', {
  role: lambdaRole.name,
  policyArn: 'arn:aws:iam::aws:policy/AWSLambda_FullAccess'
})

console.log(' - attaching AWSLambdaVPCAccessExecutionRole managed policy to Lambda role')
// eslint-disable-next-line no-new
new aws.iam.RolePolicyAttachment('iamrpa-data-feed-lambda-role-vpc-access-policy', {
  role: lambdaRole.name,
  policyArn: 'arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole'
})

console.log(' - attaching AWSLambdaSQSQueueExecutionRole managed policy to Lambda role')
// eslint-disable-next-line no-new
new aws.iam.RolePolicyAttachment('iamrpa-data-feed-lambda-role-sqs-queue-policy', {
  role: lambdaRole.name,
  policyArn: 'arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole'
})
gorgeous-country-43026
05/17/2021, 12:30 PM
AWSLambdaSQSQueueExecutionRole – Permission to read a message from an Amazon Simple Queue Service (Amazon SQS) queue.
proud-spoon-58287
05/17/2021, 12:42 PM
const sqsLambdaRole = new aws.iam.Policy('policy', {
  path: '/',
  description: 'SQSLambdaRole',
  policy: JSON.stringify({
    Version: '2012-10-17',
    Statement: [
      {
        Effect: 'Allow',
        Action: [
          'sqs:DeleteMessage',
          'logs:CreateLogStream',
          'sqs:ReceiveMessage',
          'sqs:SendMessage',
          'sqs:SendMessageBatch',
          'sqs:GetQueueAttributes',
          'logs:CreateLogGroup',
          'logs:PutLogEvents'
        ],
        Resource: '*'
      }
    ]
  })
})
gorgeous-country-43026
05/18/2021, 5:15 AM
'sqs:*'
and see if it works after that. AWS IAM permissions are a pain in the ass in general.
proud-spoon-58287
05/18/2021, 7:00 AM