The role defined for the function cannot be assumed by Lambda

I got the error "The role defined for the function cannot be assumed by Lambda" because i had not updated the roles "Trust Relationship" config file. I didn't encounter the timeout issues as in the linked answer in the comments.

The comments in the above answers pointed out that you need to add the following.

1. Go to 'IAM > Roles > YourRoleName'
   • (Note: if your role isn't listed, then you need to create it.)
2. Select the 'Trust Relationships' tab
3. Select 'Edit Trust Relationship'

Mine ended up like the below.

{  "Version": "2012-10-17",  "Statement": [    {      <your other rules>    },    {      "Effect": "Allow",      "Principal": {        "Service": "lambda.amazonaws.com"      },      "Action": "sts:AssumeRole"    }  ]}

I'm also encountering this error. Have not got a definitive answer (yet) but figured I'd pass along a couple of hints that may help you and/or anyone else hitting this problem.

A) If you build the Role ARN by putting together your account ID and role name, I think the account ID needs to be without any dashes

B) If you just created the role, and possibly added policies to it, there seems to be a (small) window of time in which the role will trigger this error. Sleeping 5 or 6 seconds between the last operation on the role and the create-function call allowed me to bypass the issue (but of course, the timing may be variable so this is at best a work-around).

For me, the issue was that I had an incomplete name for the role. I set

--role arn:aws:iam::000000000000:role/MyRoleName

when it should have been

--role arn:aws:iam::000000000000:role/service-role/MyRoleName

^{(of course my aws id isn't actually 000000000000)}

I discovered this by running

aws iam get-role --role-name MyRoleName

and looking at the "Arn" property in the result set.