CloudFormation stack deployment failed on IAM role creation due to error - Resource handler returned message: "null"


I'm currently working on the AWS Code Family Introduction workshop to familiarize myself with AWS' products. I'm at the part where I create a SAM project and use SAM CLI to create a serverless CodePipeline CI pipeline. All is well until I push my commit and trigger CodePipeline to execute the deployment of the project using CloudFormation. When CloudFormation gets to the point of provisioning the IAM role for Lambda functions for the sample API Gateway, I see the following error message:

Resource handler returned message: "null"

This then cascades into other failures such as "Resource creation cancelled" for "getByIdFunctionRole" and a few other roles followed by "The following resource(s) failed to create: [getAllItemsFunctionRole, putItemFunctionRole, getByIdFunctionRole]. Rollback requested by user."

It is evident that the initial error message is not very helpful. One thing I've considered is if the CodePipeline service role was missing IAM permission to create a role. However, when I checked the IAM policy that was attached, the effect statement was set to allow on action and resource "*". This leads me to believe it should have all the required access. I tried checking CloudTrail for hints on the failure, but I'm having a hard time trying to locate the user used for deployment. When I did find events that are related to CloudFormation such as CreateStack, I don't see any error messages in the logs.

I've been grinding away on this problem for 30 minutes and I'm out of ideas. What can I do to narrow down the problem further to identify the root cause? Thanks in advance.

Asked a month ago · 215 views
1 Answer


I believe that the creation of an IAM role is recorded in CloudTrail as an event called "CreateRole".
So, try searching for this event in CloudTrail's event history and see if an error has occurred.
By the way, please note that the "CreateRole" event cannot be found unless you look at CloudTrail in the us-east-1 region.

Answered a month ago
Reviewed a month ago
AWS
Reviewed a month ago
  • Agree with Riku: tracing via CloudTrail will allow you to see which API steps were taken by CloudTrail until the stack fails.
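
The CloudTrail check suggested in the answer above can be scripted as follows. This is an added example, not part of the original thread: it filters `lookup-events` output for `CreateRole` calls that carry an error and reports which identity made them. The sample output, account ID, role names and error text are constructed, and the helper names are hypothetical.

```python
import json

# IAM events appear in the us-east-1 event history, e.g. with the AWS CLI:
#   aws cloudtrail lookup-events --region us-east-1 \
#     --lookup-attributes AttributeKey=EventName,AttributeValue=CreateRole
# SAMPLE_OUTPUT below is constructed to mimic that command's JSON output.

def _event(role, arn, error=None):
    """Build one constructed lookup-events item (hypothetical helper)."""
    detail = {
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreateRole",
        "awsRegion": "us-east-1",
        "userIdentity": {"type": "AssumedRole", "arn": arn,
                         "invokedBy": "cloudformation.amazonaws.com"},
        "requestParameters": {"roleName": role},
    }
    if error:
        detail["errorCode"], detail["errorMessage"] = error
    return {"EventName": "CreateRole", "CloudTrailEvent": json.dumps(detail)}

# Constructed placeholder identity, not taken from the thread.
DEPLOY_ARN = "arn:aws:sts::111122223333:assumed-role/example-deploy-role/session"
SAMPLE_OUTPUT = json.dumps({"Events": [
    _event("example-stack-getAllItemsFunctionRole", DEPLOY_ARN),
    _event("example-stack-getByIdFunctionRole", DEPLOY_ARN,
           ("AccessDenied", "constructed example error message")),
]})

def failed_create_role_events(lookup_json):
    """Return CreateRole calls that carry an errorCode, with who made them."""
    failures = []
    for item in json.loads(lookup_json).get("Events", []):
        # CloudTrailEvent is itself a JSON string holding the full record.
        record = json.loads(item["CloudTrailEvent"])
        if record.get("eventName") != "CreateRole" or "errorCode" not in record:
            continue
        identity = record.get("userIdentity", {})
        failures.append({
            "roleName": (record.get("requestParameters") or {}).get("roleName"),
            "errorCode": record["errorCode"],
            "errorMessage": record.get("errorMessage"),
            "caller": identity.get("arn"),
            "invokedBy": identity.get("invokedBy"),
        })
    return failures

if __name__ == "__main__":
    for failure in failed_create_role_events(SAMPLE_OUTPUT):
        print(failure)
```

The `caller` and `invokedBy` fields identify the principal CloudFormation used for the call, which is the identity whose permissions need to be checked.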
