justinram11 / serverless-aws-batch

MIT License
26 stars 26 forks

The provided execution role does not have permissions to call CreateNetworkInterface on EC2... #16

Open rlyle opened 3 years ago

rlyle commented 3 years ago

Hitting the following error when trying to create an AWS Batch function using serverless:

An error occurred: TestBatchLambdaFunction - The provided execution role does not have permissions to call CreateNetworkInterface on EC2 (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: 66cd36bb-eaf5-420b-8880-359e52d985c1; Proxy: null).

Here is my serverless.yaml (clipped to be more succinct):

service: my-service
provider:
  name: aws
  runtime: nodejs10.x
  endpointType: REGIONAL
  region: ${file(./config/${opt:stage}.json):aws.region}
  memorySize: 3008
  timeout: 300
  logRetentionInDays: 7
  iamRoleStatements:
    - Effect: "Allow" # xray permissions (required)
      Action:
        - "xray:PutTraceSegments"
        - "xray:PutTelemetryRecords"
      Resource:
        - "*"      
    - Effect: Allow
      Action:
        - "ec2:CreateNetworkInterface"
        - "ec2:DescribeNetworkInterfaces"
        - "ec2:DetachNetworkInterface"
        - "ec2:DeleteNetworkInterface"
        - "forecast:*"
        - "s3:*"
        - 'lambda:InvokeFunction'
        - 'iam:PassRole'
      Resource: "*"
    - Effect: Allow
      Action:
        - "dynamodb:PutItem"
      Resource: "*"
  vpc: ${file(./config/${opt:stage}.json):aws.vpc}
  batch:
    Type: EC2
    BidPercentage: 100
    SecurityGroupIds: ${file(./config/${opt:stage}.json):aws.vpc.securityGroupIds}
    Subnets: ${file(./config/${opt:stage}.json):aws.vpc.subnetIds}
    InstanceTypes:
      - c5.large
    MinvCpus: 0
    MaxvCpus: 2

functions:
  testBatch:
    handler: index.testBatch
    batch:
      ContainerProperties:
        Memory: 3008
        Vcpus: 1

Any idea what I'm doing wrong, or am I hitting a bug in this plugin?
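
A pre-deploy check for the error quoted above, added here as an example (it is not code from this thread, the plugin, or any fork): it scans a compiled CloudFormation template for VPC-attached Lambda functions whose execution role does not allow the ENI actions. The template shape, the three-action minimum set and every resource name in the sample are assumptions, and the sample does not reproduce the plugin's actual output.

```python
import fnmatch

# Assumed minimum ENI actions for a VPC-attached Lambda; extend to match your policy.
ENI_ACTIONS = ("ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces",
               "ec2:DeleteNetworkInterface")
VPC_MANAGED = "AWSLambdaVPCAccessExecutionRole"  # AWS managed policy that grants them

def as_list(v):
    return v if isinstance(v, list) else [v]

def allowed_patterns(role_props):
    """Lower-cased Action patterns from Allow statements in the role's inline policies."""
    pats = []
    for pol in role_props.get("Policies", []):
        for st in as_list(pol["PolicyDocument"]["Statement"]):
            if st.get("Effect") == "Allow":
                pats += [a.lower() for a in as_list(st.get("Action", []))]
    return pats

def vpc_lambdas_missing_eni(template):
    """Map each VPC-attached Lambda to the ENI actions its in-template role lacks."""
    res, findings = template["Resources"], {}
    for name, r in res.items():
        props = r.get("Properties", {})
        if r.get("Type") != "AWS::Lambda::Function" or "VpcConfig" not in props:
            continue
        ref = props.get("Role")
        rid = as_list(ref.get("Fn::GetAtt", ""))[0] if isinstance(ref, dict) else ""
        rp = res.get(rid.split(".")[0], {}).get("Properties", {})  # outside template: {}
        if any(str(m).endswith(VPC_MANAGED) for m in rp.get("ManagedPolicyArns", [])):
            continue
        pats = allowed_patterns(rp)
        missing = [a for a in ENI_ACTIONS
                   if not any(fnmatch.fnmatchcase(a.lower(), p) for p in pats)]
        if missing:
            findings[name] = missing
    return findings

# Constructed sample template; resource and role names are hypothetical.
def sample_role(actions):
    return {"Type": "AWS::IAM::Role", "Properties": {"Policies": [{"PolicyDocument": {
        "Statement": [{"Effect": "Allow", "Action": actions, "Resource": "*"}]}}]}}
def sample_fn(role_id):
    return {"Type": "AWS::Lambda::Function", "Properties": {
        "Role": {"Fn::GetAtt": [role_id, "Arn"]}, "VpcConfig": {"SubnetIds": ["subnet-x"]}}}
SAMPLE = {"Resources": {
    "MainRole": sample_role(["ec2:CreateNetworkInterface", "ec2:Describe*", "ec2:DeleteNetworkInterface"]),
    "BatchRole": sample_role("logs:PutLogEvents"), "ApiFunction": sample_fn("MainRole"),
    "TestBatchLambdaFunction": sample_fn("BatchRole")}}
```

A function whose role is a literal ARN or an import cannot be resolved offline, so it is reported as lacking all three actions and needs a manual look.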

rlyle commented 3 years ago

Update: I put the batch: onto an existing function in my serverless.yaml, and it deployed correctly this time.

jeremyputeaux commented 3 years ago

Just hit the same issue as @rlyle; had to comment out the plugin in my serverless.yml configuration, deploy, uncomment it and deploy again.

rlyle commented 3 years ago

Fixed this issue in my fork: https://github.com/rlyle/serverless-aws-batch