
Attach an existing role to AWS Lambda with AWS CDK

I want to attach an existing role to a Lambda created using CDK. I am doing the below:

    const role1 = iam.Role.fromRoleArn(this, 'Role', 'ARN', {
        mutable: true,
    });
    const lambda1 = new lambda.Function(this, 'lambda1', {
        runtime: lambda.Runtime.PYTHON_3_7,
        code: lambda.Code.asset('lambda/lambda1_function'),
        handler: 'lambda_function.lambda_handler',
        role: role1,
        reservedConcurrentExecutions: 1
    });

I am getting the below exception when I run cdk deploy:

The role defined for the function cannot be assumed by Lambda. (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID:

If someone could help to fix this. PS: I am using TypeScript CDK@1.27.0

Based on the comments, the issue was an incorrect trust policy in the role.

The issue was solved by adding lambda.amazonaws.com to the trust policy.

As per the role parameter documentation:

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

This can be achieved by granting permission to the Lambda service:

role1.grant(new iam.ServicePrincipal("lambda.amazonaws.com"))
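A pre-deploy check for the condition the documentation states, written as an added example (not code from the question or the answers): given the role's trust policy document as JSON, it reports whether `lambda.amazonaws.com` is allowed to call `sts:AssumeRole`. The function names and both sample policies are constructed for illustration, and `Condition` blocks are not evaluated.

```typescript
// Added example: decide whether an IAM trust policy document lets the
// Lambda service assume the role. Conditions are not evaluated.
type OneOrMany<T> = T | T[];

interface TrustStatement {
  Effect: "Allow" | "Deny";
  Principal: { Service?: OneOrMany<string>; AWS?: OneOrMany<string> };
  Action: OneOrMany<string>;
}

interface TrustPolicy {
  Version?: string;
  Statement: OneOrMany<TrustStatement>;
}

const LAMBDA_PRINCIPAL = "lambda.amazonaws.com";

function toArray<T>(v: T | T[] | undefined): T[] {
  if (v === undefined) return [];
  return Array.isArray(v) ? v : [v];
}

// A statement is relevant when it names the Lambda service principal and
// covers sts:AssumeRole (IAM action names are case-insensitive).
function coversLambdaAssume(s: TrustStatement): boolean {
  const services = toArray<string>(s.Principal.Service);
  const actions = toArray<string>(s.Action).map((a) => a.toLowerCase());
  const actionHit = actions.some((a) => a === "sts:assumerole" || a === "sts:*" || a === "*");
  return services.indexOf(LAMBDA_PRINCIPAL) !== -1 && actionHit;
}

// Allowed only if some relevant statement allows and none denies.
function lambdaCanAssume(policy: TrustPolicy): boolean {
  const relevant = toArray<TrustStatement>(policy.Statement).filter(coversLambdaAssume);
  const denied = relevant.some((s) => s.Effect === "Deny");
  return !denied && relevant.some((s) => s.Effect === "Allow");
}

// Constructed sample: a role that only EC2 may assume (fails for Lambda).
const EC2_ONLY_TRUST: TrustPolicy = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Principal: { Service: "ec2.amazonaws.com" }, Action: "sts:AssumeRole" }],
};

// Constructed sample: the same role after adding the Lambda principal.
const FIXED_TRUST: TrustPolicy = {
  Version: "2012-10-17",
  Statement: { Effect: "Allow", Principal: { Service: ["ec2.amazonaws.com", LAMBDA_PRINCIPAL] }, Action: "sts:AssumeRole" },
};
```
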
