I’m trying to create a lambda with SQS event triggers. The SQS services are specified in my Resources section and are created correctly when I deploy; however, referencing them in the iam section fails with the following message:
An error occurred: IamRoleLambdaExecution - Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: e49d9ccd-0f5d-4333-acb8-f1f3704942f6).
N.b. when viewing the event in CloudFormation no further information to help triage the issue is displayed.
I’m using Fn::GetAtt to get the queue ARNs. Below is the iamRoleStatements section of my serverless.yml:
iamRoleStatements:
  - Effect: Allow
    Action:
      - sqs:ReceiveMessage
      - sqs:DeleteMessage
      - sqs:GetQueueAttributes
      - sqs:SendMessage
    Resource:
      arn:
        Fn::GetAtt: [SQSQueuePublisher, Arn]
  - Effect: Allow
    Action:
      - sqs:ReceiveMessage
      - sqs:DeleteMessage
      - sqs:GetQueueAttributes
      - sqs:SendMessage
    Resource:
      arn:
        Fn::GetAtt: [SQSQueueSubscriber, Arn]
  - Effect: Allow
    Action:
      - sqs:ReceiveMessage
      - sqs:DeleteMessage
      - sqs:GetQueueAttributes
      - sqs:SendMessage
    Resource:
      arn:
        Fn::GetAtt: [SQSQueueReducer, Arn]
Any help greatly appreciated here as I’m struggling to make progress!
Cheers.
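
Added example, not part of the original post: a pre-deploy shape check in Python for the statements above. IAM accepts a `Resource` element only as a string or a list of strings, so each entry must be a literal string or a CloudFormation intrinsic that resolves to one; a mapping under any other key (here `arn`) is rendered as a JSON object and rejected as a malformed policy. The function names and the two sample statement lists are constructed for illustration and mirror the dicts a YAML parser would produce.

```python
# Added example: shape check for iamRoleStatements before deployment.
# Not from the original post; names and sample data are constructed.

# CloudFormation intrinsic functions that may stand in for a Resource string.
INTRINSICS = {"Ref", "Fn::GetAtt", "Fn::Sub", "Fn::Join", "Fn::ImportValue",
              "Fn::Select", "Fn::If", "Fn::FindInMap", "Fn::Split"}


def is_intrinsic(node):
    """True when node is a single-key mapping naming an intrinsic function."""
    return isinstance(node, dict) and len(node) == 1 and next(iter(node)) in INTRINSICS


def resource_problems(statements):
    """Return (statement_index, message) for each Resource entry IAM would reject."""
    problems = []
    for i, stmt in enumerate(statements):
        res = stmt.get("Resource")
        entries = res if isinstance(res, list) else [res]
        for entry in entries:
            if isinstance(entry, str) or is_intrinsic(entry):
                continue
            got = list(entry) if isinstance(entry, dict) else type(entry).__name__
            problems.append((i, f"Resource entry must be a string or intrinsic, got {got}"))
    return problems


ACTIONS = ["sqs:ReceiveMessage", "sqs:DeleteMessage",
           "sqs:GetQueueAttributes", "sqs:SendMessage"]
QUEUES = ["SQSQueuePublisher", "SQSQueueSubscriber", "SQSQueueReducer"]

# As posted: every Fn::GetAtt sits under an extra "arn" key.
AS_POSTED = [{"Effect": "Allow", "Action": ACTIONS,
              "Resource": {"arn": {"Fn::GetAtt": [q, "Arn"]}}} for q in QUEUES]

# Constructed alternative: one statement whose Resource is a list of Fn::GetAtt.
FLATTENED = [{"Effect": "Allow", "Action": ACTIONS,
              "Resource": [{"Fn::GetAtt": [q, "Arn"]} for q in QUEUES]}]

if __name__ == "__main__":
    for idx, msg in resource_problems(AS_POSTED):
        print(f"statement {idx}: {msg}")
    print("flattened:", resource_problems(FLATTENED) or "ok")
```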