search

lumigo-io / lumigo-CLI

Open source CLI tool to help you develop and manage serverless applications.
https://lumigo.io
Apache License 2.0
331 stars 21 forks source link

measure-lambda-cold-starts: authorization failure #83

Closed nocquidant closed 4 years ago

nocquidant commented 4 years ago

When I launch lumigo-cli measure-lambda-cold-starts, I get the following failure during the Loop step (from the web console): 

$ lumigo-cli measure-lambda-cold-starts -n AwsSdkFn -r eu-west-1 -i 50

Neither the global service principal states.amazonaws.com, nor the regional one is authorized to assume the provided role.

It is not very clear to me, which role the error message is referring to...

FYI my company had setup an AWS "sandbox" account for all of its employees, based on Active Directory and the AWS Security Token Service. And there are a few restrictions attached to it (no account creation for instance). This is the account I am using. But the powerTuningStateMagine causes no problem, so I think it should be possible...

nocquidant commented 4 years ago

OK, it looks like the trust relationship for the state-machine execution role has the us region hard coded somewhere. If I edit it from the web console and change it for eu-west-1: 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "states.eu-west-1.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Everything is fine.

theburningmonk commented 4 years ago

@nocquidant well spotted 👍 I'll get that fixed in here and it should fix itself in the lumigo-cli

theburningmonk commented 4 years ago

@nocquidant it should be fixed now, give me a shout if it still doesn't work for you.

theburningmonk commented 4 years ago

@nocquidant can you confirm this is no longer an issue for you? if so, I'll close the ticket

nocquidant commented 4 years ago

Yes the issue is resolved, thank you very much.