Custom role definition for lambda timing issue?

I’ve got a custom role defined for my Lambda, but when deploying it seems to be failing, though not all the time.

Here’s what my serverless.yml looks like:

service: reverseProxyCheck # NOTE: update this with your service name

frameworkVersion: ">=1.28.0 <2.0.0"

provider:
  name: aws
  runtime: go1.x

package:
  exclude:
    - ./**
  include:
    - ./bin/**

functions:
  reverseProxyCheck:
    handler: bin/lambda
    timeout: 300
    name: reverseProxyCheck
    role: rvsHealthCheckRole
    environment:
      PROXY_ADDRESS: ${opt:proxy-address}
      SDB_DOMAIN_NAME: !Ref reverseProxyDB
    events:
      - schedule:
          name: rvs-health-check-event
          description: "Scheduled event to check on the health of the reverse proxy"
          rate: rate(1 minute)

resources:
  Resources:
    reverseProxyDB:
      Type: AWS::SDB::Domain
      Properties:
        Description: "DB to keep track of the reverse proxy's current state"
    rvsHealthCheckRole:
      Type: AWS::IAM::Role
      Properties:
        Path: /
        RoleName: rvsHealthCheckRole
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: rvsHealthCheckRole
            PolicyDocument:
              Version: "2012-10-17"
              Statement:
                - Effect: "Allow"
                  Action:
                    - "logs:*"
                    - "firehose:*"
                    - "s3:*"
                    - "sdb:*"
                  Resource:
                    - "*"
  Outputs:
    ReverseProxyDBName:
      Description: "Reverse Proxy DB DomainName"
      Value: !Ref reverseProxyDB

When it fails this is the serverless error I’m seeing:
The role defined for the function cannot be assumed by Lambda.

It seems like a timing issue to me as it does succeed most of the time locally, but when I run it through CircleCI it fails at least 50% of the time.

Am I missing anything?

Hi, have you tried using role: !GetAtt rvsHealthCheckRole.Arn instead of role: rvsHealthCheckRole? I could be wrong, but it seems to me that you need to pass an ARN.

Yep, trying that now. Let’s see how it goes.
Thanks!