The execution role you provide must allow AWS EventBridge Scheduler to assume the role


When trying to set up an EventBridge Scheduler schedule to run a simple Lambda function, I get the following error: "The execution role you provide must allow AWS EventBridge Scheduler to assume the role"

I have tried creating the schedule using a "custom execution role" as well as allowing "AWS to create a new one". Both execution roles have the AssumeRole statement in the trust relationship as shown below:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "scheduler.amazonaws.com" },
      "Action": "sts:AssumeRole",
      "Condition": { "StringEquals": { "aws:SourceAccount": "XXXXXXXXXXX" } }
    }
  ]
}

Please note, I am able to successfully set up a scheduler event in another AWS account following the same steps in the same region. Could there be anything fundamentally missing in the AWS account?

There is another thread on re:Post with the same error, but none of the solutions there seem to work. Please help!

1 answer
2
Accepted answer

Well, it could be multiple things, like whether both (EventBridge and Lambda) are in the same account, or probably a simpler explanation: how did you create the Lambda function? Lambda functions have a resource policy control, which you need to configure to allow the function to be invoked from the EventBridge service, so you need to add something like this:

aws lambda add-permission \
--function-name LogScheduledEvent \
--statement-id my-scheduled-event \
--action 'lambda:InvokeFunction' \
--principal events.amazonaws.com \
--source-arn arn:aws:events:us-east-1:123456789012:rule/my-scheduled-rule

To make sure that EventBridge can invoke the Lambda function, you have a good example documented here: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-run-lambda-schedule.html

Hope this helps. Anyway, for next time, if you can include your CloudTrail Deny event, it would help a lot to diagnose. Thanks!

Best,

AWS
Answered a month ago
Expert
Reviewed a month ago
  • @Neel, the issue you're encountering is likely due to an incorrect Principal in your role trust policy. You should be using events.amazonaws.com instead.

    Key Source:

  • Thanks for the link to the documentation. I was able to set up a Rule instead of a Schedule to run the Lambda using the CLI. The Principal in the role trust policy is now set to events.amazonaws.com instead of scheduler.amazonaws.com
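The thread turns on two policy documents: the role trust policy quoted in the question and the Lambda resource-based policy that the answer's add-permission command creates. The following checker, added here as an example and not code from the question, the answer or AWS, evaluates both offline and is a quick way to see which service principal a document actually admits before retrying the console. It embeds constructed sample documents (the trust policy uses a placeholder account id; the Lambda policy uses the ARNs from the answer's command); in practice you would paste in the `AssumeRolePolicyDocument` returned by `aws iam get-role` and the `Policy` string returned by `aws lambda get-policy`. Which service to test for depends on what you created: a Scheduler schedule presents itself as scheduler.amazonaws.com, while an EventBridge rule presents itself as events.amazonaws.com. The evaluator only understands the StringEquals and ArnLike operators that appear on this page and fails closed on anything else, and it ignores explicit Deny statements, so a `True` means "this Allow statement matches", not a full IAM simulation.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample documents (not pulled from a real account). The trust policy
# follows the shape quoted in the question, with a placeholder account id; the
# Lambda resource-based policy is what the answer's `aws lambda add-permission`
# call produces, using the function and rule ARNs from that command.
TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "scheduler.amazonaws.com"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"aws:SourceAccount": "111111111111"}}
  }]
}""")

FUNCTION_ARN = "arn:aws:lambda:us-east-1:123456789012:function:LogScheduledEvent"
RULE_ARN = "arn:aws:events:us-east-1:123456789012:rule/my-scheduled-rule"
LAMBDA_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Id": "default",
  "Statement": [{
    "Sid": "my-scheduled-event",
    "Effect": "Allow",
    "Principal": {"Service": "events.amazonaws.com"},
    "Action": "lambda:InvokeFunction",
    "Resource": "%s",
    "Condition": {"ArnLike": {"AWS:SourceArn": "%s"}}
  }]
}""" % (FUNCTION_ARN, RULE_ARN))


def _as_list(value):
    """IAM lets most fields be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _conditions_match(condition, context):
    """Evaluate a Condition block against a request context (dict of lower-cased
    condition key -> value). Only StringEquals and ArnLike are understood; any
    other operator, or a key missing from the context, fails closed."""
    for operator, pairs in (condition or {}).items():
        for key, allowed in pairs.items():
            actual = context.get(key.lower())  # IAM condition keys are case-insensitive
            if actual is None:
                return False
            allowed = _as_list(allowed)
            if operator == "StringEquals":
                ok = actual in allowed
            elif operator == "ArnLike":
                ok = any(fnmatchcase(actual, pattern) for pattern in allowed)
            else:
                ok = False
            if not ok:
                return False
    return True


def _allows(policy, service, action, context, resource=None):
    """True if some Allow statement grants `action` to the service principal
    `service` (on `resource`, when given) under `context`. Deny statements are
    not considered, so this answers "does an Allow exist", not "is it permitted"."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or service not in _as_list(principal.get("Service")):
            continue
        if action not in _as_list(stmt.get("Action")):
            continue
        if resource is not None and not any(
            fnmatchcase(resource, pattern) for pattern in _as_list(stmt.get("Resource"))
        ):
            continue
        if _conditions_match(stmt.get("Condition"), context):
            return True
    return False


def service_can_assume_role(trust_policy, service, account):
    """Can `service` (e.g. scheduler.amazonaws.com) assume the role on behalf of `account`?"""
    return _allows(trust_policy, service, "sts:AssumeRole", {"aws:sourceaccount": account})


def service_can_invoke(lambda_policy, service, function_arn, source_arn):
    """Does the function's resource-based policy let `service` invoke it from `source_arn`?"""
    return _allows(lambda_policy, service, "lambda:InvokeFunction",
                   {"aws:sourcearn": source_arn}, resource=function_arn)


if __name__ == "__main__":
    print("Scheduler can assume role:",
          service_can_assume_role(TRUST_POLICY, "scheduler.amazonaws.com", "111111111111"))
    print("EventBridge rules service can assume role:",
          service_can_assume_role(TRUST_POLICY, "events.amazonaws.com", "111111111111"))
    print("Rule can invoke the function:",
          service_can_invoke(LAMBDA_POLICY, "events.amazonaws.com", FUNCTION_ARN, RULE_ARN))
```

Run against the sample documents, the trust policy admits scheduler.amazonaws.com but not events.amazonaws.com, and the Lambda policy admits invocation only from the exact rule ARN in the ArnLike condition; swapping in your own documents and the account id from the error's context shows at a glance which of the two principals each document was written for.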
