The role defined for the function cannot be assumed by Lambda

Midhun Sudhakar picture Midhun Sudhakar · Apr 5, 2016 · Viewed 49.1k times · Source

I'm getting the error "The role defined for the function cannot be assumed by Lambda" when I'm trying to create a lambda function with create-function command.

aws lambda create-function
--region us-west-2
--function-name HelloPython
--zip-file fileb://hello_python.zip
--role arn:aws:iam::my-acc-account-id:role/default
--handler hello_python.my_handler
--runtime python2.7
--timeout 15
--memory-size 512

Answer

Emile picture Emile · Oct 4, 2016

I got the error "The role defined for the function cannot be assumed by Lambda" because i had not updated the roles "Trust Relationship" config file. I didn't encounter the timeout issues as in the linked answer in the comments.

The comments in the above answers pointed out that you need to add the following.

  1. Go to 'IAM > Roles > YourRoleName'
    • (Note: if your role isn't listed, then you need to create it.)
  2. Select the 'Trust Relationships' tab
  3. Select 'Edit Trust Relationship'

Mine ended up like the below.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      <your other rules>
    },
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}