com.amazonaws.AmazonServiceException: Cross-account pass role is not allowed. (Service: AWSLambda; Status Code: 403; Error Code: null; Request ID: bb814e04-bb96-11e5-88fa-b56203d5b166)

Jenkins JIRA | Alex Gray | 1 year ago
  1. 0

    When using "use instance credentials" I get the following exception:

    ===========================
        Starting lambda deployment procedure
        Copying zip file
        File Name: awslambda-942813613263363530.zip
        Absolute Path: /tmp/awslambda-942813613263363530.zip
        File Size: 10388
        Lambda function existence check: {FunctionName: alex_test,}
        Lambda function does not exist
        Lambda create function request: {FunctionName: alex_test,Runtime: python2.7,Role: arn:aws:iam::763429161784:role/lambda_hipchat_pr_digest,Handler: lambda_handler,Code: {ZipFile: java.nio.HeapByteBuffer[pos=0 lim=10388 cap=10388],},Description: Hipchat PR Digest,Timeout: 60,MemorySize: 256,Publish: true}
        com.amazonaws.AmazonServiceException: Cross-account pass role is not allowed. (Service: AWSLambda; Status Code: 403; Error Code: null; Request ID: bb814e04-bb96-11e5-88fa-b56203d5b166)
            at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1239)
            at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:823)
            at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:506)
            at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:318)
            at com.amazonaws.services.lambda.AWSLambdaClient.invoke(AWSLambdaClient.java:1925)
            at com.amazonaws.services.lambda.AWSLambdaClient.createFunction(AWSLambdaClient.java:686)
            at com.xti.jenkins.plugin.awslambda.service.LambdaDeployService.createLambdaFunction(LambdaDeployService.java:162)
            at com.xti.jenkins.plugin.awslambda.service.LambdaDeployService.deployLambda(LambdaDeployService.java:82)
            at com.xti.jenkins.plugin.awslambda.upload.LambdaUploader.upload(LambdaUploader.java:51)
            at com.xti.jenkins.plugin.awslambda.upload.LambdaUploadBuildStep.perform(LambdaUploadBuildStep.java:81)
            at com.xti.jenkins.plugin.awslambda.upload.LambdaUploadBuildStep.perform(LambdaUploadBuildStep.java:66)
            at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45)
            at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:785)
            at hudson.model.Build$BuildExecution.build(Build.java:205)
            at hudson.model.Build$BuildExecution.doRun(Build.java:162)
            at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:537)
            at hudson.model.Run.execute(Run.java:1741)
            at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
            at hudson.model.ResourceController.execute(ResourceController.java:98)
            at hudson.model.Executor.run(Executor.java:408)
        Build step 'AWS Lambda deployment' changed build result to FAILURE
        Finished: FAILURE
    ===========================

    The Jenkins node that is running this job has all the credentials it needs to talk to lambda. For instance, I can create a function via the AWS CLI:

        # aws lambda create-function --function-name alex-foo --runtime python2.7 --role arn:aws:iam::763429161784:role/lambda_hipchat_pr_digest --handler lambda_handler --region us-west-2 --zip-file fileb://foo.zip
        {
            "FunctionName": "alex-foo",
            "CodeSize": 170,
            "MemorySize": 128,
            "FunctionArn": "arn:aws:lambda:us-west-2:763429161784:function:alex-foo",
            "Handler": "lambda_handler",
            "Role": "arn:aws:iam::763429161784:role/lambda_hipchat_pr_digest",
            "Timeout": 3,
            "LastModified": "2016-01-15T14:44:20.353+0000",
            "Runtime": "python2.7",
            "Description": ""
        }

    The IAM policy on the instance has full lambda and iam:PassRole (This role also has a trust relationship with another account, which may play a role in this error):

        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Sid": "Stmt1452706481000",
                    "Effect": "Allow",
                    "Action": [
                        "lambda:*"
                    ],
                    "Resource": [
                        "*"
                    ]
                },
                {
                    "Effect": "Allow",
                    "Action": [
                        "iam:PassRole"
                    ],
                    "Resource": [
                        "*"
                    ]
                }
            ]
        }

    Jenkins JIRA | 1 year ago | Alex Gray
    com.amazonaws.AmazonServiceException: Cross-account pass role is not allowed. (Service: AWSLambda; Status Code: 403; Error Code: null; Request ID: bb814e04-bb96-11e5-88fa-b56203d5b166)
  3. 0

    [JIRA] [aws-lambda-plugin] (JENKINS-32475) Cross-account pass role is not allowed when using instance credentials

    Google Groups | 1 year ago | grayaii@gmail.com (JIRA)
    com.amazonaws.AmazonServiceException: Cross-account pass role is not allowed. (Service: AWSLambda; Status Code: 403; Error Code: null; Request ID: bb814e04-bb96-11e5-88fa-b56203d5b166)
  5. 0

    HTTP Proxy Integration with RAML Config

    GitHub | 1 year ago | spencerfdavis
    com.amazonaws.AmazonServiceException: (Service: null; Status Code: 500; Error Code: null; Request ID: 1627c293-9917-11e5-9a05-3738b38200c6)
  6. 0

    Jobs: Do not log AWS rate limit exceedance as ERROR

    GitHub | 1 year ago | harti2006
    com.amazonaws.AmazonServiceException: Request limit exceeded. (Service: AmazonEC2; Status Code: 503; Error Code: RequestLimitExceeded; Request ID: aa4ebff3-6965-42f5-8bba-a4d33e479896)

Root Cause Analysis

  1. com.amazonaws.AmazonServiceException

    Cross-account pass role is not allowed. (Service: AWSLambda; Status Code: 403; Error Code: null; Request ID: bb814e04-bb96-11e5-88fa-b56203d5b166)

    at com.amazonaws.http.AmazonHttpClient.handleErrorResponse()
  2. AWS SDK for Java - Core
    AmazonHttpClient.execute
    1. com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1239)
    2. com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:823)
    3. com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:506)
    4. com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:318)
    4 frames
  3. AWS Java SDK for AWS Lambda
    AWSLambdaClient.createFunction
    1. com.amazonaws.services.lambda.AWSLambdaClient.invoke(AWSLambdaClient.java:1925)
    2. com.amazonaws.services.lambda.AWSLambdaClient.createFunction(AWSLambdaClient.java:686)
    2 frames
  4. com.xti.jenkins
    LambdaUploadBuildStep.perform
    1. com.xti.jenkins.plugin.awslambda.service.LambdaDeployService.createLambdaFunction(LambdaDeployService.java:162)
    2. com.xti.jenkins.plugin.awslambda.service.LambdaDeployService.deployLambda(LambdaDeployService.java:82)
    3. com.xti.jenkins.plugin.awslambda.upload.LambdaUploader.upload(LambdaUploader.java:51)
    4. com.xti.jenkins.plugin.awslambda.upload.LambdaUploadBuildStep.perform(LambdaUploadBuildStep.java:81)
    5. com.xti.jenkins.plugin.awslambda.upload.LambdaUploadBuildStep.perform(LambdaUploadBuildStep.java:66)
    5 frames
  5. Hudson
    Executor.run
    1. hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45)
    2. hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:785)
    3. hudson.model.Build$BuildExecution.build(Build.java:205)
    4. hudson.model.Build$BuildExecution.doRun(Build.java:162)
    5. hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:537)
    6. hudson.model.Run.execute(Run.java:1741)
    7. hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    8. hudson.model.ResourceController.execute(ResourceController.java:98)
    9. hudson.model.Executor.run(Executor.java:408)
    9 frames