Modifying role name causes lambda invocation error



I have a Serverless pipeline that has a Firehose that has a processing Lambda before it writes to Elasticsearch. I found that when I just change the name of the IAM Role name (and update all references to the new name) and redeploy, invoking the Lambda doesn’t work anymore even though the actual Role permissions are unchanged.

The serverless.yml has:

      blah blah

I do something like:

      blah blah (<--- completely unchanged)

and modify wherever there was TestServiceFirehoseRole with NameChangedTestServiceFirehoseRole.

I then update the pipeline via:

serverless deploy

then I get the error:

{"attemptsMade":4,"arrivalTimestamp":1552588269497,"errorCode":"Lambda.InvalidSecurityToken","errorMessage":"Could not invoke Lambda function due to invalid security token. Cross partition Lambda invocation is not supported.","attemptEndingTimestamp":1552588362300,"rawData":"blah blah","subsequenceNumber":0,"lambdaArn":"processing lambda ARN"}

Any thoughts why this is? My concern is that someone in the future comes along and decides the names I chose were not descriptive enough, makes a seemingly innocuous change, redploys and then the pipeline breaks.