aws / aws-toolkit-azure-devops

AWS Toolkit for Azure DevOps

AccessDeniedException: Cross-account pass role is not allowed - but it's root account #546

Closed Maverick1983 closed 7 months ago

Maverick1983 commented 7 months ago

I use a service connection on DevOps Azure to deploy a new Lambda. I use the Access key ID and Secret from the root user, but I receive:

##[error]Error: Failed to create function, error AccessDeniedException: Cross-account pass role is not allowed.

Log from DevOps Azure Pipeline:

##[debug]AWS createFunction request ID: 93f268d7-2cc1-401d-a6c0-2ae6e54bdbbc

[debug]---Request data for 93f268d7-2cc1-401d-a6c0-2ae6e54bdbbc---

[debug] Path: /2015-03-31/functions

[debug] Headers:

[debug] User-Agent=AWS-VSTS/1.14.0 exec-env/VSTS-3.234.0-LambdaDeployFunction promise

[debug] Content-Type=application/json

[debug] X-Amz-Content-Sha256=b8481428a1e5bbb0b34ff8fdb104aba54741bf3cdb0ebc591b33e4f1c1563271

[debug] Content-Length=12606195

[debug] Host=lambda.eu-central-1.amazonaws.com

[debug] X-Amz-Date=20240223T084636Z

[debug] Authorization=AWS4-HMAC-SHA256 Credential=***/20240223/eu-central-1/lambda/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=2b74cfdd346873b74186867e069532538f0b1780af91cd51f1dd582c57bdede8

[debug]---Response data for request 93f268d7-2cc1-401d-a6c0-2ae6e54bdbbc---

[debug] Status code: 403

[debug] Headers:

[debug] date=Fri, 23 Feb 2024 08:46:36 GMT

[debug] content-type=application/json

[debug] content-length=53

[debug] connection=keep-alive

[debug] x-amzn-requestid=93f268d7-2cc1-401d-a6c0-2ae6e54bdbbc

[debug] x-amzn-errortype=AccessDeniedException

[debug]task result: Failed

[error]Error: Failed to create function, error AccessDeniedException: Cross-account pass role is not allowed

Maverick1983 commented 7 months ago

Update.

The problem was the roleArn, not the service connection. I used the wrong accountId.
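
The following is an added example, not part of the thread or of the toolkit's code: a pre-flight check that compares the account ID embedded in a role ARN with the account the credentials belong to, which is the mismatch that produced the error above. The function name, the `Verdict` type and the account IDs are hypothetical or constructed.

```typescript
// Added example: pre-flight check for the role ARN handed to a Lambda deploy step.
// All names are hypothetical; the account IDs used with it are constructed.

interface Verdict {
  ok: boolean;
  reason: string;
}

// arn:<partition>:iam::<12-digit account>:role/<optional path/><name>
// IAM ARNs have an empty region field, hence the "::" before the account ID.
const ROLE_ARN = /^arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):role\/(.+)$/;

function checkPassRoleAccount(roleArn: string, callerAccountId: string): Verdict {
  if (!/^\d{12}$/.test(callerAccountId)) {
    return { ok: false, reason: "caller account ID must be 12 digits" };
  }
  // Pasted pipeline variables often carry stray whitespace; reject it explicitly.
  if (roleArn !== roleArn.trim()) {
    return { ok: false, reason: "role ARN has leading or trailing whitespace" };
  }
  const m = ROLE_ARN.exec(roleArn);
  if (m === null) {
    return { ok: false, reason: "not an IAM role ARN" };
  }
  const [, , roleAccountId = ""] = m;
  if (roleAccountId !== callerAccountId) {
    // Same condition the service reports as "Cross-account pass role is not allowed".
    return {
      ok: false,
      reason: `role is in account ${roleAccountId}, credentials are for ${callerAccountId}`,
    };
  }
  return { ok: true, reason: "role and credentials are in the same account" };
}
```

In a pipeline, the caller's account ID can be obtained with `aws sts get-caller-identity --query Account --output text` and passed in as `callerAccountId` before the deploy task runs.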