SWF child workflows fail to schedule lambda tasks even though they are created with a role with access to lambda. Task fail with the error below.
ASSUME_ROLE_FAILED
After hours of debugging I sorted out what was the issue.
User accessing the swf api need permission to perform action "iam:PassRole". Got it working using the policy below.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt14762077XXXXX",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::XXXXXXXXX:role/XXXXXXRole"
]
}
]
}