
Permission denied when calling AWS Lambda function from AWS CodePipeline


I've set my pipeline to invoke an AWS Lambda function. After a runtime of 10 minutes, this is the error I get:

Action execution failed The AWS Lambda function addAMIToAutoScalingLC failed to return a result. Check the function to verify that it has permission to call the PutJobSuccessResult action and that it made a call to PutJobSuccessResult.

The logs themselves do not contain relevant information.

I think my IAM permissions are set up properly:

  • The Lambda function is run with a role that has: AWSLambdaFullAccess, AWSCodePipelineFullAccess.
  • The CodePipeline is, I think, run with the role AWS-CodePipeline-Service that has: AWSLambdaFullAccess

I think that my script makes the call to PutJobSuccessResult because when I test the script I get an Execution result: succeeded.

My script does not need any parameters so I have not provided any User Parameter in CodePipeline.

What should I do to further investigate?


Solution

  • Found the answer. The problem did not come from permissions, but rather from the absence of a call to PutJobSuccessResult: the pipeline did not know that the Lambda function was done, so it waited until the timeout.

    This block of code solved the problem (Python):

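    import boto3

    # Client is created once per container and reused across invocations.
    pipeline = boto3.client('codepipeline')

    def lambda_handler(event, context):

        # stuff (the actual work of the function goes here)

        # Tell CodePipeline the job is finished; the job ID comes from the
        # invocation event that CodePipeline passes to the function.
        response = pipeline.put_job_success_result(
            jobId=event['CodePipeline.job']['id']
        )
        return response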
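
An added example, not part of the original answer: the same handler extended so that it reports a result on every path, calling `put_job_failure_result` when the work raises, so the action fails immediately rather than sitting until the pipeline timeout. `do_work`, the `client` and `work` parameters, `FakeCodePipeline` and `SAMPLE_EVENT` are hypothetical names introduced here so the logic can be exercised without AWS access.

```python
"""CodePipeline-invoked Lambda that always reports a job result."""


def _codepipeline_client():
    # Imported lazily so the module can be loaded and tested without boto3/AWS.
    import boto3
    return boto3.client("codepipeline")


def do_work(event):
    """Hypothetical placeholder for the real task (the '# stuff' above)."""
    return "done"


def lambda_handler(event, context, client=None, work=do_work):
    # `client` and `work` are injection points added for this example only;
    # Lambda itself calls the handler with just (event, context).
    client = client or _codepipeline_client()
    job_id = event["CodePipeline.job"]["id"]
    try:
        work(event)
    except Exception as exc:
        # Report the failure explicitly; otherwise the pipeline keeps waiting.
        client.put_job_failure_result(
            jobId=job_id,
            failureDetails={
                "type": "JobFailed",
                "message": f"{type(exc).__name__}: {exc}"[:5000],
                "externalExecutionId": getattr(context, "aws_request_id", "unknown"),
            },
        )
        return {"jobId": job_id, "status": "failed"}
    client.put_job_success_result(jobId=job_id)
    return {"jobId": job_id, "status": "succeeded"}


class FakeCodePipeline:
    """Constructed stand-in for the boto3 client; records the calls made."""
    def __init__(self):
        self.calls = []
    def put_job_success_result(self, **kwargs):
        self.calls.append(("success", kwargs))
    def put_job_failure_result(self, **kwargs):
        self.calls.append(("failure", kwargs))


# Constructed sample event; a real job ID is supplied by CodePipeline.
SAMPLE_EVENT = {"CodePipeline.job": {"id": "00000000-example-job-id"}}
```

To call either API the function's execution role only needs `codepipeline:PutJobSuccessResult` and `codepipeline:PutJobFailureResult`.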