InvalidParameterValueException: The role defined for the function cannot be assumed by Lambda

javascript node.js amazon-web-services aws-sdk aws-lambda

11,023

This error happens when the role is invalid (which is not the case) or when you try to create the Lambda function just after the role creation. Amazon needs a few seconds to replicate your new role through all regions. So, the fix here is to wait a few seconds before creating the Lambda function.

Solution - Example 1:

var AWS = require('aws-sdk');
var lambda = new AWS.Lambda();

var params = {}; // define your parameters

lambda.createFunction(params, function(err, data) {
    if (err && err.code === 'InvalidParameterValueException') {

        // try again after a few seconds
        setTimeout(function(){
            lambda.createFunction(params, callback);
        }, 10000);
    } else {
        callback(err, data);
    }
});

Solution - Example 2:

Usually, waiting 5 seconds is enough, but it can also take a little more. For a more robust solution, you can use a retry module like this one.

var AWS = require('aws-sdk');
var retry = require('retry');
var lambda = new AWS.Lambda();

var params = {}; // define your parameters

var operation = retry.operation({
    retries: 3,           // try 1 time and retry 3 times if needed, total = 4
    minTimeout: 1 * 1000, // the number of milliseconds before starting the first retry
    maxTimeout: 15 * 1000 // the maximum number of milliseconds between two retries
});

operation.attempt(function(currentAttempt) {
    lambda.createFunction(params, function(err, data) {
        if (operation.retry(err) && err.code === 'InvalidParameterValueException')
            return;

        callback(err);
    });
});

11,023

Author by

Zanon

Author of the book: Building Serverless Web Applications. Currently interested in: serverless, machine-learning, gamedev. If you want to support me, you can buy me a coffee:

Updated on June 21, 2022

Comments

Zanon almost 2 years
I'm using the AWS SDK for JavaScript and it is returning the following error when I try to create a Lambda function:

InvalidParameterValueException: The role defined for the function cannot be assumed by Lambda.

I've double-checked my role and it is perfectly valid. However, I'm still unable to create the Lambda function.

My role trust relationship is:
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "lambda.amazonaws.com"
                ]
            },
            "Action": [
                "sts:AssumeRole"
            ]
        }
    ]
}
```
chepukha over 5 years

+1 Thanks for sharing your solution. I had this same problem too. I've tried sleeping myself but the amount of times varied. The second solution looks robust. I hope IAM had a status code to indicate that the role is not ready to be consumed yet :(