Search code examples
amazon-web-servicesaws-lambdaamazon-sqs

Lambda service throws error execution role does not have permissions to call receiveMessage on SQS

I have a SQS queue and I want to trigger a lambda function when a message arrives in the queue. I have written the lambda function and that works successfully when I click the "Test" button. When I go to SQS and try to configure it as a lambda trigger I see the error message below.

I have created the SQS queue and lambda function using the same user and role and the lambda function has execute permissions against the same role.

I also have also added SQS receiveMessage permission but it doesn't seem to make a difference unless I'm doing something wrong when I set it.

What could be causing the problem?

Thanks for any help

enter image description here

Solution
    • Hi as far as i can understand your lambda needs the following permission on it aws docs
    • Hope its not in a VPC.

    aws_lambda_permission

    • Or may be give it a god mode on sqs:* just for testing it.

    • If that works maybe later on you can then go for specific methods only. Attached a policy for a lambda role you might have to change account_number to your account no if you need to invoke another lambda form this lambda

       {
     "Version": "2012-10-17",
     "Statement": [
         {
             "Sid": "",
             "Effect": "Allow",
             "Action": "lambda:InvokeFunction",
             "Resource": "arn:aws:lambda:eu-west-2:account_number:function:*"
         },
         {
             "Sid": "",
             "Effect": "Allow",
             "Action": [
                 "logs:PutLogEvents",
                 "logs:CreateLogStream",
                 "logs:CreateLogGroup"
             ],
             "Resource": "*"
         },
         {
             "Sid": "",
             "Effect": "Allow",
             "Action": [
                 "sqs:*"
             ],
             "Resource": "*"
         }
     ]
 }