I want to assume a role in an AWS Lambda function.
I have the following template.yml:
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Parameters:
  Role1:
    Type: String
Resources:
  Function1:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: core.lambda_function.lambda_handler
      Policies:
        - Statement:
            - Sid: AssumeRol
              Effect: Allow
              Action:
                - sts:AssumeRole
              Resource: '*'
      Environment:
        Variables:
          ROLE: !Ref Role1
And in the Lambda's Python, the following code:
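import boto3

sts_client = boto3.client("sts")

# Role ARN comes from the ROLE environment variable set in template.yml
role_arn = get_role_arn_from_env_parameter()
assumed_role_object = sts_client.assume_role(
    RoleArn=role_arn,
    RoleSessionName="AssumeRoleSession"
)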
But I get the following error when the function is executed:
ClientError: An error occurred (AccessDenied) when calling the AssumeRole operation:User: "..." is not authorized to perform: sts:AssumeRole on resource: "..."
It seems the policy statement AssumeRol does not work, or maybe it should be put in another place?
EDIT: trusted role policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
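
An added example, not part of the original post: a simplified check of whether a role trust policy like the one in the EDIT names a function's execution role as a principal, next to a policy that does. It ignores Deny statements, conditions and NotPrincipal; the account ID, role name and all function names are constructed placeholders.

```python
import json

# Trust policy from the question: the only principal is the Lambda *service*.
QUESTION_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "Statement1", "Effect": "Allow",
   "Principal": {"Service": "lambda.amazonaws.com"},
   "Action": "sts:AssumeRole"}]}""")

# Constructed ARN of the function's execution role (placeholder account and name).
CALLER_ROLE = "arn:aws:iam::111122223333:role/function1-execution-role"

def as_list(value):
    return value if isinstance(value, list) else [value]

def aws_principal_matches(principal, caller_role_arn):
    """An AWS principal entry matches the role itself, its account, or '*'."""
    account = caller_role_arn.split(":")[4]
    return principal in ("*", caller_role_arn, account,
                         f"arn:aws:iam::{account}:root")

def trusts_role(trust_policy, caller_role_arn):
    """True if an Allow statement for sts:AssumeRole names the caller role
    (or its account) as an AWS principal. A Service principal never matches:
    it lets the service use the role, not code running under another role."""
    for stmt in as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(as_list(stmt.get("Action", [])))
        if not actions & {"sts:AssumeRole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            return True
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if any(aws_principal_matches(p, caller_role_arn) for p in aws):
            return True
    return False

def corrected_trust(caller_role_arn):
    """Trust policy that names the function's execution role explicitly."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": caller_role_arn},
        "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    print("question policy:", trusts_role(QUESTION_TRUST, CALLER_ROLE))
    print("corrected policy:", trusts_role(corrected_trust(CALLER_ROLE), CALLER_ROLE))
```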