The execution role you provide must allow AWS EventBridge Scheduler to assume the role


When trying to set up an EventBridge Scheduler schedule to run a simple Lambda function, I get the following error: "The execution role you provide must allow AWS EventBridge Scheduler to assume the role"

I have tried creating the schedule using a "custom execution" role as well as allowing "AWS to create a new one". Both execution roles have the AssumeRole in the trust relationship as shown below:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "scheduler.amazonaws.com"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "aws:SourceAccount": "XXXXXXXXXXX"
            }
          }
        }
      ]
    }

Please note, I am able to successfully set up a scheduler event on another AWS account following the same steps in the same region. Could there be anything fundamentally missing in the AWS account?

There is another thread on rePost with the same error, but none of the solutions there seem to work. Please help!

1 Answer

Accepted answer

Well, it could be multiple things, like whether both (EventBridge and Lambda) are in the same account, or probably a simpler explanation: how did you create the Lambda function? Lambda functions have a resource policy control, which you need to configure to allow it to be invoked from the EventBridge service, so you need to add something like this:

aws lambda add-permission \
--function-name LogScheduledEvent \
--statement-id my-scheduled-event \
--action 'lambda:InvokeFunction' \
--principal events.amazonaws.com \
--source-arn arn:aws:events:us-east-1:123456789012:rule/my-scheduled-rule

To make sure that EventBridge can invoke the Lambda function, you have a good example documented here: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-run-lambda-schedule.html

Hope this helps. Anyway, for next time, if you can include your CloudTrail Deny event it would help a lot to diagnose. Thanks!

Best,

AWS
answered a month ago

EXPERT
reviewed a month ago
  • @Neel, the issue you're encountering is likely due to an incorrect Principal in your role trust policy. You should be using events.amazonaws.com instead.

    Key Source:

  • Thanks for the link to the documentation. I was able to set up a Rule instead of a Schedule to run the Lambda using the CLI. The Principal in the role trust policy is now set to events.amazonaws.com instead of scheduler.amazonaws.com.
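An added example, not code from the question, the answer or the comments above, showing the two policies an EventBridge Scheduler execution role needs, the contrasting resource-policy statement that the `aws lambda add-permission` command in the answer creates, and a small offline check of a trust policy. Two facts drive it: EventBridge Scheduler assumes the execution role as the service principal scheduler.amazonaws.com (the principal the question's trust policy already uses), and it then invokes the target with that role's credentials, so the role's permissions policy must grant lambda:InvokeFunction on the function. EventBridge rules (principal events.amazonaws.com) work differently: they invoke Lambda through the function's resource-based policy, which is what `add-permission` sets, and that statement does nothing for a Scheduler schedule. The aws:SourceAccount / aws:SourceArn condition in the trust policy is the confused-deputy guard and should be kept. The account ID, region, function name, schedule name and rule name below are placeholders, and `check_trust_policy` only inspects the JSON locally; nothing here calls AWS.

```python
"""EventBridge Scheduler execution role: trust policy, permissions policy,
and a local lint for the trust policy. All ARNs and IDs are placeholders."""
import json

ACCOUNT_ID = "111122223333"  # placeholder account, not the poster's
REGION = "us-east-1"
FUNCTION_ARN = f"arn:aws:lambda:{REGION}:{ACCOUNT_ID}:function:LogScheduledEvent"
SCHEDULE_ARN = f"arn:aws:scheduler:{REGION}:{ACCOUNT_ID}:schedule/default/my-schedule"
RULE_ARN = f"arn:aws:events:{REGION}:{ACCOUNT_ID}:rule/my-scheduled-rule"

SCHEDULER_PRINCIPAL = "scheduler.amazonaws.com"  # EventBridge Scheduler (schedules)
EVENTS_PRINCIPAL = "events.amazonaws.com"        # EventBridge rules


def scheduler_trust_policy(account_id: str, schedule_arn: str) -> dict:
    """Trust relationship for the Scheduler execution role. The Condition is
    the confused-deputy guard: only schedules in this account (and, via
    aws:SourceArn, only this schedule) may assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": SCHEDULER_PRINCIPAL},
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {"aws:SourceAccount": account_id},
                "ArnLike": {"aws:SourceArn": schedule_arn},
            },
        }],
    }


def scheduler_execution_policy(function_arn: str) -> dict:
    """Permissions policy attached to the same role. Scheduler invokes the
    target as this role, so the role itself needs lambda:InvokeFunction;
    the function's resource policy is not consulted for schedules."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": [function_arn, function_arn + ":*"],
        }],
    }


def rule_resource_policy_statement(function_arn: str, rule_arn: str) -> dict:
    """What `aws lambda add-permission --principal events.amazonaws.com
    --source-arn <rule>` adds to the *function's* resource policy. This is the
    EventBridge *rule* path and does not apply to Scheduler schedules."""
    return {
        "Sid": "my-scheduled-event",
        "Effect": "Allow",
        "Principal": {"Service": EVENTS_PRINCIPAL},
        "Action": "lambda:InvokeFunction",
        "Resource": function_arn,
        "Condition": {"ArnLike": {"AWS:SourceArn": rule_arn}},
    }


def _as_list(value) -> list:
    """IAM allows a single string or a list for Action / Service."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def check_trust_policy(policy: dict, expected_principal: str) -> list:
    """Local lint: return findings (empty list = OK). OK means some Allow
    statement lets `expected_principal` call sts:AssumeRole and that
    statement carries a SourceAccount/SourceArn confused-deputy guard."""
    findings = []
    matched = False
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if expected_principal not in services:
            continue
        matched = True
        condition_text = json.dumps(stmt.get("Condition", {}))
        if "aws:SourceAccount" not in condition_text and "aws:SourceArn" not in condition_text:
            findings.append("no aws:SourceAccount/aws:SourceArn condition (confused-deputy guard)")
    if not matched:
        findings.append(f"no Allow sts:AssumeRole statement for {expected_principal}")
    return findings


if __name__ == "__main__":
    print("Trust policy:", json.dumps(scheduler_trust_policy(ACCOUNT_ID, SCHEDULE_ARN), indent=2))
    print("Permissions policy:", json.dumps(scheduler_execution_policy(FUNCTION_ARN), indent=2))
    print("Lint:", check_trust_policy(scheduler_trust_policy(ACCOUNT_ID, SCHEDULE_ARN), SCHEDULER_PRINCIPAL))
```

Running the script prints the two documents to attach to the role (trust relationship and permissions policy) and an empty finding list. Running the lint with EVENTS_PRINCIPAL against the Scheduler trust policy reports a missing Allow statement, which is the mirror image of the error in the question: a role that only trusts events.amazonaws.com cannot be used as a Scheduler execution role, and vice versa. IAM changes are eventually consistent, so if the role was created moments before the schedule, retry the schedule creation after a few seconds; if it still fails, the CloudTrail AssumeRole event from scheduler.amazonaws.com that the answer asks for shows which statement denied it.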
