You did a zappa deploy and it failed with "An error occurred (ValidationException) when calling the PutRule operation: Provided role <your lambda role> cannot be assumed by principal 'events.amazonaws.com'"?
You tried to create a lambda with a new handmade role only to be greeted by this cryptic error message. Or you tried to use an already existing role with lambda.
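Translating the message: it means the role's trust policy doesn't authorize the service named in the error ('events.amazonaws.com' here; the lambda service needs the same authorization) to assume the role, so your lambdas can't use it. So, how do we add that authorization?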
- Go to https://console.aws.amazon.com/iam/
- Click roles on the left.
- Click the role you want to use for lambda.
- Click the tab "trust relationships".
- Click the button "Edit trust relationship".
- If this role is only to be used by lambda, you can just replace the policy with:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "apigateway.amazonaws.com",
              "lambda.amazonaws.com",
              "events.amazonaws.com"
            ]
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
- If not, just make sure you add to the "Statement" list the statement:
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "apigateway.amazonaws.com",
          "lambda.amazonaws.com",
          "events.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
- Click "Update trust policy".
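
For the "if not" case above, where the role already has a trust policy you want to keep, this added example (not code from the original post or from Zappa) works out which of the three service principals are still missing and appends one statement for only those. The sample policy and the function names are constructed for illustration.

```python
import copy
import json

# Service principals taken from the trust policy in the post.
REQUIRED = ("apigateway.amazonaws.com", "lambda.amazonaws.com", "events.amazonaws.com")

# Constructed sample: a role that so far trusts only Lambda and EC2.
EXISTING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
         "Action": "sts:AssumeRole"},
        {"Effect": "Allow", "Principal": {"Service": ["ec2.amazonaws.com"]},
         "Action": ["sts:AssumeRole"]},
    ],
}

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Service."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def trusted_services(policy):
    """Services granted sts:AssumeRole by an Allow statement (Condition not evaluated)."""
    found = set()
    for stmt in as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        if (stmt.get("Effect") == "Allow" and "sts:assumerole" in actions
                and isinstance(principal, dict)):
            found.update(as_list(principal.get("Service")))
    return found

def add_missing_trust(policy, required=REQUIRED):
    """Return (merged_policy, missing); existing statements are kept untouched."""
    have = trusted_services(policy)
    missing = [svc for svc in required if svc not in have]
    merged = copy.deepcopy(policy)
    if missing:
        merged["Statement"] = as_list(merged.get("Statement")) + [{
            "Effect": "Allow",
            "Principal": {"Service": missing},
            "Action": "sts:AssumeRole",
        }]
    return merged, missing

if __name__ == "__main__":
    merged, missing = add_missing_trust(EXISTING_POLICY)
    print("missing:", missing)
    print(json.dumps(merged, indent=2))
```

The printed document can be pasted into the trust relationship editor from the steps above; running the function again on its own output adds nothing further.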
In the end you should see something like this: