Miserlou / Zappa

Serverless Python
https://blog.zappa.io/
MIT License

cannot be assumed by principal 'events.amazonaws.com', when using events #2168

Open saeedesmaili opened 3 years ago

saeedesmaili commented 3 years ago

I have a Flask project that is deployed to AWS Lambda using Zappa, and it works fine. I'm trying to add an event in zappa_settings.json to run a function regularly. The settings config that was working (without events) was:

{
    "dev": {
        "app_function": "app.app",
        "profile_name": "default",
        "project_name": "contactclipper2",
        "runtime": "python3.8",
        "s3_bucket": "zappa-i4hsr8rya",
        "aws_region": "us-west-2",
        "keep_warm": false,
        "use_precompiled_packages": false,
        "memory_size": 3008
    }
}

and I added these two lines, so the settings changed to:

{
    "dev": {
        "app_function": "app.app",
        "profile_name": "default",
        "project_name": "contactclipper2",
        "runtime": "python3.8",
        "s3_bucket": "zappa-i4hsr8rya",
        "aws_region": "us-west-2",
        "keep_warm": false,
        "use_precompiled_packages": false,
        "memory_size": 3008,
        "events": [{
            "function": "alerts.test_alert",
            "expression": "rate(1 minute)"
        }]
    }
}

But now I can't update or schedule the project and I get this error:

botocore.exceptions.ClientError: An error occurred (ValidationException) when calling the PutRule operation: Provided role 'arn:aws:iam::199151782709:role/contactclipper2-dev-ZappaLambdaExecutionRole' cannot be assumed by principal 'events.amazonaws.com'.

This is the role's trust entities: [image]

What should I do to fix this and have a working event (cron job)?

hortonew commented 3 years ago

Which role are you showing the permissions of here? The role that needs the events.amazonaws.com as a trusted entity is the role that's attached to your lambda. I believe that's role/zappa-test-dev-ZappaLambdaExecutionRole in your case, but you're showing that assigned here which makes me think this is the wrong role.

Navigate to your lambda, find out what role it's executing with, then assign that role the trusted entities. If you are showcasing that here, then more troubleshooting will be needed.
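The trust-policy check described in the comment above can be done offline against the role's `AssumeRolePolicyDocument`. This is an added example, not part of the original thread and not Zappa's code; the function name and both sample policies are constructed for illustration, and `Condition` blocks are ignored as a simplification.

```python
from fnmatch import fnmatchcase


def _as_list(value):
    """IAM accepts either one string or a list for Action and Principal values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def service_can_assume(trust_policy, service, action="sts:AssumeRole"):
    """Return True if the trust policy lets `service` assume the role.

    Assumptions of this example: only Principal.Service is examined and
    Condition blocks are not evaluated.
    """
    allowed = False
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if service not in services:
            continue
        # Action names are case-insensitive and may use wildcards ("sts:*").
        actions = _as_list(stmt.get("Action"))
        if not any(fnmatchcase(action.lower(), a.lower()) for a in actions):
            continue
        if stmt.get("Effect") == "Deny":
            return False  # an explicit Deny overrides any Allow
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


def _trust(services):
    """Build a constructed trust policy for the given service principals."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": services}, "Action": "sts:AssumeRole"}]}


# Constructed samples: one role trusted only by Lambda and API Gateway,
# one that also trusts EventBridge/CloudWatch Events.
TRUST_WITHOUT_EVENTS = _trust(["lambda.amazonaws.com", "apigateway.amazonaws.com"])
TRUST_WITH_EVENTS = _trust(["lambda.amazonaws.com", "apigateway.amazonaws.com",
                            "events.amazonaws.com"])

if __name__ == "__main__":
    for name, policy in [("without events", TRUST_WITHOUT_EVENTS),
                         ("with events", TRUST_WITH_EVENTS)]:
        print(name, "->", service_can_assume(policy, "events.amazonaws.com"))
```

The policy to feed in is the one on the role the Lambda actually executes with, which `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument` returns as JSON.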

saeedesmaili commented 3 years ago

@hortonew The screenshot belongs to the arn:aws:iam::199151782709:role/contactclipper2-event-dev-event-ZappaLambdaExecutionRole role, which the error says doesn't have the events.amazonaws.com trusted entity (but it has).

I navigated a lot in the Lambda's permissions and roles and couldn't find the problem. I even gave the administrator access to the user but I still get this error.