The role defined for the function cannot be assumed by Lambda
I got the error "The role defined for the function cannot be assumed by Lambda" because i had not updated the roles "Trust Relationship" config file. I didn't encounter the timeout issues as in the linked answer in the comments.
The comments in the above answers pointed out that you need to add the following.
- Go to 'IAM > Roles > YourRoleName'
- (Note: if your role isn't listed, then you need to create it.)
- Select the 'Trust Relationships' tab
- Select 'Edit Trust Relationship'
Mine ended up like the below.
{ "Version": "2012-10-17", "Statement": [ { <your other rules> }, { "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ]}
I'm also encountering this error. Have not got a definitive answer (yet) but figured I'd pass along a couple of hints that may help you and/or anyone else hitting this problem.
A) If you build the Role ARN by putting together your account ID and role name, I think the account ID needs to be without any dashes
B) If you just created the role, and possibly added policies to it, there seems to be a (small) window of time in which the role will trigger this error. Sleeping 5 or 6 seconds between the last operation on the role and the create-function call allowed me to bypass the issue (but of course, the timing may be variable so this is at best a work-around).
For me, the issue was that I had an incomplete name for the role. I set
--role arn:aws:iam::000000000000:role/MyRoleName
when it should have been
--role arn:aws:iam::000000000000:role/service-role/MyRoleName
(of course my aws id isn't actually 000000000000)
I discovered this by running
aws iam get-role --role-name MyRoleName
and looking at the "Arn"
property in the result set.