Wednesday, June 15, 2016

API Gateway does not have permission to assume the provided role

Error:

Execution failed due to configuration error: API Gateway does not have permission to assume the provided role

When:
   While invoking an API Gateway method that updates a DynamoDB table


How I solved that error:
   By adding a Trusted Entity to the IAM role that was used for the Method Execution.

Go to IAM > Roles > whateverRole > Trust Relationships > Edit Trust Relationship and add an Allow statement for apigateway.amazonaws.com under "Statement":

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

P.S: This role already had Allow sts:AssumeRole on ec2. I simply copied the same and changed ec2 to apigateway.
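
To check a role's trust policy for this problem before deploying, the following Python sketch (an added example, not code from the original post) lists which service principals an exported trust policy lets call sts:AssumeRole, and reports both the missing one and any that are trusted beyond what the role needs. It also accepts "Service" written as a list. The function names and sample policies are constructed for illustration, and Condition blocks and Deny statements are ignored as a simplifying assumption.

```python
import json
from fnmatch import fnmatchcase

def _as_list(value):
    # IAM accepts either a single string or a list in these fields.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusted_services(trust_policy):
    """Service principals that Allow statements let call sts:AssumeRole.
    Simplification (assumption): Condition blocks and Deny statements are ignored."""
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    services = set()
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may contain wildcards.
        if not any(fnmatchcase("sts:assumerole", a.lower())
                   for a in _as_list(stmt.get("Action"))):
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            services.update(_as_list(principal.get("Service")))
    return services

def audit_trust(trust_policy, required, expected):
    """Return (missing, unexpected) service principals as sorted lists."""
    found = trusted_services(trust_policy)
    return sorted(set(required) - found), sorted(found - set(expected))

def _policy(*service_values):
    # Build a constructed trust policy with one Allow statement per argument.
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": s}, "Action": "sts:AssumeRole"}
        for s in service_values]}

# Constructed samples mirroring the policies on this page.
BEFORE = _policy("ec2.amazonaws.com")                              # role as it was
AFTER = _policy("ec2.amazonaws.com", "apigateway.amazonaws.com")   # the fix
ARRAY_FORM = _policy(["lambda.amazonaws.com", "apigateway.amazonaws.com"])

if __name__ == "__main__":
    need = ["apigateway.amazonaws.com"]
    for name, pol in [("before", BEFORE), ("after", AFTER), ("array", ARRAY_FORM)]:
        missing, extra = audit_trust(pol, required=need, expected=need)
        print(f"{name}: missing={missing} trusted_beyond_expected={extra}")
```

For the fixed policy the second list still contains ec2.amazonaws.com: if the role is used only for API Gateway method execution, that leftover trust is broader than the role needs.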

2 comments:

  1. You can also join several accepted services into an array

    Example:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "lambda.amazonaws.com",
              "apigateway.amazonaws.com"
            ]
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
