Closed Maverick1983 closed 7 months ago
I use service connection on DevOps Azure for deploy new Lambda. I use Access key ID and Secret from root user, but I receive:
##[error]Error: Failed to create function, error AccessDeniedException: Cross-account pass role is not allowed.
Log from DevOps Azure Pipeline:
_##[debug]AWS createFunction request ID: 93f268d7-2cc1-401d-a6c0-2ae6e54bdbbc
Update.
The problem was roleArn, not the service connection. I used a wrong accountId.
I use service connection on DevOps Azure for deploy new Lambda. I use Access key ID and Secret from root user, but I receive:
##[error]Error: Failed to create function, error AccessDeniedException: Cross-account pass role is not allowed.
Log from DevOps Azure Pipeline:
_##[debug]AWS createFunction request ID: 93f268d7-2cc1-401d-a6c0-2ae6e54bdbbc
[debug]---Request data for 93f268d7-2cc1-401d-a6c0-2ae6e54bdbbc---
[debug] Path: /2015-03-31/functions
[debug] Headers:
[debug] User-Agent=AWS-VSTS/1.14.0 exec-env/VSTS-3.234.0-LambdaDeployFunction promise
[debug] Content-Type=application/json
[debug] X-Amz-Content-Sha256=b8481428a1e5bbb0b34ff8fdb104aba54741bf3cdb0ebc591b33e4f1c1563271
[debug] Content-Length=12606195
[debug] Host=lambda.eu-central-1.amazonaws.com
[debug] X-Amz-Date=20240223T084636Z
[debug] Authorization=AWS4-HMAC-SHA256 Credential=***/20240223/eu-central-1/lambda/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=2b74cfdd346873b74186867e069532538f0b1780af91cd51f1dd582c57bdede8
[debug]---Response data for request 93f268d7-2cc1-401d-a6c0-2ae6e54bdbbc---
[debug] Status code: 403
[debug] Headers:
[debug] date=Fri, 23 Feb 2024 08:46:36 GMT
[debug] content-type=application/json
[debug] content-length=53
[debug] connection=keep-alive
[debug] x-amzn-requestid=93f268d7-2cc1-401d-a6c0-2ae6e54bdbbc
[debug] x-amzn-errortype=AccessDeniedException
[debug]task result: Failed
[error]Error: Failed to create function, error AccessDeniedException: Cross-account pass role is not allowed_