Lambda service throws error execution role does not have permissions to call receiveMessage on SQS


Solution 1

  • Hi, as far as I can understand, your lambda needs the following permission on it (aws docs)
  • Hope it's not in a VPC.

aws_lambda_permission

  • Or maybe give it god mode on sqs:* just for testing it.

  • If that works, maybe later on you can go for specific methods only. Attached is a policy for a lambda role; you might have to change account_number to your account number if you need to invoke another lambda from this lambda.

     {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Sid": "",
                 "Effect": "Allow",
                 "Action": "lambda:InvokeFunction",
                 "Resource": "arn:aws:lambda:eu-west-2:account_number:function:*"
             },
             {
                 "Sid": "",
                 "Effect": "Allow",
                 "Action": [
                     "logs:PutLogEvents",
                     "logs:CreateLogStream",
                     "logs:CreateLogGroup"
                 ],
                 "Resource": "*"
             },
             {
                 "Sid": "",
                 "Effect": "Allow",
                 "Action": [
                     "sqs:*"
                 ],
                 "Resource": "*"
             }
         ]
     }

Solution 2

Although a solution for this may have been achieved by now, since this thread was suggested to me at the top, I will post the answer for other users:

I faced the same issue even after giving SQS full access to the user. The problem is with the lambda execution role. When a lambda is created, it needs to be assigned a lambda execution role. Most users assign the auto-generated execution role while creating the lambda. That execution role does not have permissions for SQS.

So open lambda >> Click Permissions tab >> edit execution role at the top >> assign SQS permissions >> boom.

[edit] This is now under Configuration >> Permissions

permissions tab showing execution role

Solution 3

You need the following permissions attached to the role your lambda assumes:

  • sqs:ReceiveMessage
  • sqs:DeleteMessage
  • sqs:GetQueueAttributes

In case you are using Terraform:

data "aws_iam_policy_document" "YOUR_DOCUMENT" {
  statement {
    sid       = "some_id"
    actions   = [
      "sqs:ReceiveMessage",
      "sqs:DeleteMessage",
      "sqs:GetQueueAttributes"
    ]
    resources = [
      aws_sqs_queue.YOUR_QUEUE.arn
    ]
  }
}

resource "aws_iam_policy" "YOUR_POLICY" {
  name   = "your_policy"
  policy = data.aws_iam_policy_document.YOUR_DOCUMENT.json
}

resource "aws_iam_role_policy_attachment" "POLICY_ATTACHMENT" {
  role       = aws_iam_role.YOUR_LAMBDA_ROLE.name
  policy_arn = aws_iam_policy.YOUR_POLICY.arn
}

resource "aws_lambda_function" "YOUR_LAMBDA" {
  ....
  role = aws_iam_role.YOUR_LAMBDA_ROLE.arn
  ....
}
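As an added example that is not part of any answer on this page, the Python check below contrasts the queue-scoped policy from this answer with the `sqs:*` on `*` policy from Solution 1: given a role policy document and a queue ARN, it reports which of the three required actions the role still lacks for that queue, and which statements grant far more SQS access than the trigger needs. The queue ARN and the three policies are constructed samples, and the IAM evaluation is approximated (Deny, NotAction and Condition elements are ignored).

```python
import fnmatch

# Actions the SQS-to-Lambda trigger needs on the queue (the list from the answer above).
REQUIRED_ACTIONS = ("sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes")

# Constructed sample inputs (not real account or queue identifiers).
QUEUE_ARN = "arn:aws:sqs:eu-west-2:123456789012:orders-queue"
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "SqsTrigger", "Effect": "Allow", "Action": list(REQUIRED_ACTIONS),
     "Resource": QUEUE_ARN}]}
GOD_MODE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllSqs", "Effect": "Allow", "Action": ["sqs:*"], "Resource": "*"}]}
LOGS_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Logs", "Effect": "Allow",
     "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": "*"}]}


def _as_list(value):
    # IAM accepts a single string wherever a list is allowed.
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # Approximates IAM wildcards: '*' matches any run, '?' one character.
    # Actions are case-insensitive in IAM; lowercasing ARNs too is a simplification.
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def check_sqs_trigger_policy(policy, queue_arn):
    """Return (missing_actions, broad_sids): required actions the role still lacks on
    queue_arn, and Sids of statements granting more SQS access than the trigger needs.
    Only Allow statements are evaluated; Deny, NotAction and Condition are ignored."""
    granted, broad = set(), []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        sqs_actions = [a for a in actions if a.split(":")[0].lower() in ("sqs", "*")]
        if not sqs_actions:
            continue
        if any(a in ("*", "sqs:*") for a in sqs_actions) or "*" in resources:
            broad.append(stmt.get("Sid") or "<no Sid>")
        if any(_matches(r, queue_arn) for r in resources):
            for act in sqs_actions:
                granted.update(req for req in REQUIRED_ACTIONS if _matches(act, req))
    missing = [a for a in REQUIRED_ACTIONS if a not in granted]
    return missing, broad
```

The logs-only case models the auto-generated execution role described in Solution 2, which is why the trigger fails until the three SQS actions are attached.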
Author by user3165854

Updated on March 05, 2022

Comments

  • user3165854
    user3165854 about 2 years

    I have an SQS queue and I want to trigger a lambda function when a message arrives in the queue. I have written the lambda function and it works successfully when I click the "Test" button. When I go to SQS and try to configure it as a lambda trigger, I see the error message below.

    I have created the SQS queue and lambda function using the same user and role and the lambda function has execute permissions against the same role.

    I have also added the SQS receiveMessage permission, but it doesn't seem to make a difference unless I'm doing something wrong when I set it.

    What could be causing the problem?

    Thanks for any help


    • Tuong Le
      Tuong Le about 5 years
      You need to check permission in the SQS itself as well.
  • Abdelhadi Abdo
    Abdelhadi Abdo over 2 years
    Works like a charm, thanks a million bro