InvalidParameterValueException: The role defined for the function cannot be assumed by Lambda
This error happens when the role is invalid (which is not the case) or when you try to create the Lambda function just after the role creation. Amazon needs a few seconds to replicate your new role through all regions. So, the fix here is to wait a few seconds before creating the Lambda function.
Solution - Example 1:
var AWS = require('aws-sdk');
var lambda = new AWS.Lambda();
var params = {}; // define your parameters
lambda.createFunction(params, function(err, data) {
if (err && err.code === 'InvalidParameterValueException') {
// try again after a few seconds
setTimeout(function(){
lambda.createFunction(params, callback);
}, 10000);
} else {
callback(err, data);
}
});
Solution - Example 2:
Usually, waiting 5 seconds is enough, but it can also take a little more. For a more robust solution, you can use a retry module like this one.
var AWS = require('aws-sdk');
var retry = require('retry');
var lambda = new AWS.Lambda();
var params = {}; // define your parameters
var operation = retry.operation({
retries: 3, // try 1 time and retry 3 times if needed, total = 4
minTimeout: 1 * 1000, // the number of milliseconds before starting the first retry
maxTimeout: 15 * 1000 // the maximum number of milliseconds between two retries
});
operation.attempt(function(currentAttempt) {
lambda.createFunction(params, function(err, data) {
if (operation.retry(err) && err.code === 'InvalidParameterValueException')
return;
callback(err);
});
});
Zanon
Author of the book: Building Serverless Web Applications. Currently interested in: serverless, machine-learning, gamedev. If you want to support me, you can buy me a coffee:
Updated on June 21, 2022Comments
-
Zanon almost 2 years
I'm using the AWS SDK for JavaScript and it is returning the following error when I try to create a Lambda function:
InvalidParameterValueException: The role defined for the function cannot be assumed by Lambda.
I've double-checked my role and it is perfectly valid. However, I'm still unable to create the Lambda function.
My role trust relationship is:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }
-
chepukha over 5 years+1 Thanks for sharing your solution. I had this same problem too. I've tried sleeping myself but the amount of times varied. The second solution looks robust. I hope IAM had a status code to indicate that the role is not ready to be consumed yet :(