Skip to content

Instantly share code, notes, and snippets.

@djm

djm/aws.lambda.upload.error.output

Last active July 4, 2020 07:19
Show Gist options
  • Save djm/1af7dec88fb24bd73188 to your computer and use it in GitHub Desktop.
Save djm/1af7dec88fb24bd73188 to your computer and use it in GitHub Desktop.
Download ZIP
Node Lambda Upload Error: "Cross-account pass role is not allowed"
Raw
aws.lambda.upload.error.output
Reading zip file to memory
Uploading zip file to AWS Lambda eu-west-1 with parameters:
{ FunctionName: 'xxx-staging-1-0-0',
FunctionZip: <Buffer 50 478 0b 00 ...>,
Handler: 'index.handler',
Mode: 'event',
Role: 'arn:aws:iam::xxx:role/xxx',
Runtime: 'nodejs',
Description: 'Resizes images for the xxx project.',
MemorySize: '512',
Timeout: '60' }
{ [AccessDeniedException: Cross-account pass role is not allowed.]
message: 'Cross-account pass role is not allowed.',
code: 'AccessDeniedException',
time: Mon Jul 27 2015 12:10:03 GMT+0100 (BST),
statusCode: 403,
retryable: false,
retryDelay: 30 }
@djm
Copy link
Author

djm commented Jul 27, 2015

SOLUTION

The node-lambda npm package creates an .env file for you which you can set the various environment variables that it will use to deploy. You can set the AWS acccess key & secret key in this file and it will use them.

However, if you already have AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY set in your environment, those will take precedent. Therefore the "Cross-account pass role is not allowed" is an error due to authenticating with the wrong account details. The simple solution if you wish to use the .env file to store authentication details is to unload your AWS auth environment variables as so:

unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
# Then run the deploy again and it will use the variables from .env

The solution is obvious but the error message from AWS is not and currently only returns 2 useless results; hopefully this gist will fix that when it gets indexed.

Cheers,
Darian

@vladmiller
Copy link

@djm Thank you very much, I spent good few hours trying to figure out what's wrong

@thomaspeitz
Copy link

Thanks! ๐Ÿ‘ Me too!

@rafalyesware
Copy link

The other handy thing here may be to set AWS_PROFILE in your environment to the profile containing the right set of credentials.

@rafalyesware
Copy link

Thanks for the hint, BTW, I wouldn't have found that without a lot more digging!

@richardking
Copy link

thanks!

@fepelipe
Copy link

Still helpful ๐Ÿ‘

@Ellmo304
Copy link

Thank you!!

@pestir
Copy link

pestir commented Nov 28, 2018

great

@DerWanderer
Copy link

I didn't have those variables, but by moving my profile variables to [default], I was able to work around the problem. +1

@massy103
Copy link

massy103 commented Jul 4, 2020

thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment