Why do I get 'execution role must be assumable' error when trying to deploy to Lambda@Edge?
I am trying to deploy to Lambda@Edge within AWS, but when I click on 'Deploy' I get this error message:
Correct the errors below and try again.
Your function's execution role must be assumable by the edgelambda.amazonaws.com service principal.
From the Lambda@Edge IAM Role documentation:
You must create an IAM role that can be assumed by the service principals lambda.amazonaws.com and edgelambda.amazonaws.com. This role is assumed by the service principals when they execute your function. For more information, see Creating the Roles and Attaching the Policies (Console) in the topic "AWS Managed Policies for Job Functions" in the IAM User Guide.
You add this role under the Trust Relationship tab in IAM (do not add it under the Permissions tab).
Here's an example role trust policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com", "edgelambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }
Note : If you're doing this via the AWS Console then you have to refresh the browser after you update your IAM Role Credits: from comments @AJB
- Upload via presigned request - 403 forbidden for Unicode Filename
- Best practices for developing scalable video transcoding server on Amazon Web Services?
- Enable compression for AWS SQS Java API or how to tell if it's already on?
- Getting no basic auth credential from AWS ECR when pulling image
- How to load npm modules in AWS Lambda?
- Amazon EFS vs S3: Which is better for appending small chunks of data to large files?
- Is there a way to delay DynamoDB stream emissions while nearly parallel data is upserted to a record?
- Push docker image to amazon ecs repository
- AWS SSM Agent - Using the aws cli, is there a way to list all the AWS instances that are missing the SSM agent?
- CloudFormation is not authorized to perform: iam:PassRole on resource
- S3 - Access-Control-Allow-Origin Header
- How to run AWS codeartifact login and keep default registry
- aws s3api restore-object permission error
- AWS Amplify Functions allow.resource() not working
- Is it possible to enrich a message on an sqs queue
- Does EKS Auto Mode use AWS Load Balancer Controller?
- kubectl error You must be logged in to the server (Unauthorized) when accessing EKS cluster
- AWS Elasticache -- How to flush node from console?
- How to parameterize prevent_destroy lifecycle configuration in Terraform?
- RDS instance start: which subnet/AZ is selected?
- Connection refused error (127.0.0.1:4566) for Localstack S3
- Problem with file directory link in amazon s3
- Can I use aws-advanced-jdbc-wrapper with MySQL?
- Creating Lambda Snapstart with Typescript CDK
- How to force SQL Server container to immediately update MDF file in Docker volume?
- AWS Cloudwatch agent config file removed after startup
- AWS lambda SQS does not allow to process 1 message per 1 invocation
- How can I create a TLS/SSL connection to a mongodb instance on AWS with a certificate made by certificate manager? Health check failed
- Cloudfront redirect when signed cookies not present
- AWS Lambda and DynamoDB - updatetItem is not a function