CodexBloom - Programming Q&A Platform

AWS CloudFormation rolling back due to missing IAM permissions for Lambda function policies

👀 Views: 1755 💬 Answers: 1 📅 Created: 2025-05-31
AWS CloudFormation Lambda IAM yaml

I've spent hours debugging this, and I'm maintaining legacy code. Hey everyone, I'm running into an issue that's driving me crazy... I'm stuck on something that should probably be simple. I am trying to deploy a CloudFormation stack that includes an AWS Lambda function with specific IAM permissions. However, every time I deploy, the stack rolls back with the error message: `Resource handler returned message: "User: arn:aws:iam::123456789012:user/myUser is not authorized to perform: iam:PassRole on resource: arn:aws:iam::123456789012:role/myLambdaExecutionRole"`. I have verified that my IAM user has the `AdministratorAccess` policy attached, which should allow all actions, including `iam:PassRole`.

Here's a snippet of my CloudFormation template that defines the Lambda function and its execution role:

```yaml
Resources:
  MyLambdaExecutionRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: 'lambda.amazonaws.com'
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: 'MyLambdaPolicy'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'logs:*'
                Resource: '*'
  MyLambdaFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      FunctionName: 'MyFunction'
      Handler: 'index.handler'
      Role: !GetAtt MyLambdaExecutionRole.Arn
      Code:
        ZipFile: |
          def handler(event, context):
              return 'Hello, World!'
      Runtime: 'python3.8'
```

I've also checked the resource policies and trust relationships for the IAM role, but everything seems in order. I've tried redeploying after removing the stack and recreating it, but I keep seeing the same scenario. Any insights on what might be causing the `iam:PassRole` error or how I can troubleshoot this further? This is part of a larger service I'm building. Is there a better approach? I recently upgraded to Yaml stable.

This issue appeared after updating to Yaml stable. I'm using Yaml 3.11 in this project.
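The error in the question is about the permissions of the principal running the deployment (the IAM user), not about the Lambda role's own policy: CloudFormation has to pass `myLambdaExecutionRole` to the Lambda service on that user's behalf, so the user needs `iam:PassRole` on that role ARN. The example below is added for this thread and is not the poster's code or any AWS library. It builds the least-privilege `iam:PassRole` statement a deployer needs (scoped to one role and to `lambda.amazonaws.com` via the `iam:PassedToService` condition key) and includes a small local evaluator so you can see which policy documents would or would not authorize the action. The evaluator is an assumed, simplified model of IAM (explicit Deny wins, then Allow, otherwise implicit deny; only `StringEquals` conditions and single-valued context keys), not the real service; the role ARN is taken from the question's error message.

```python
"""Scoped iam:PassRole policy for a stack deployer, plus a local policy check.

Added example for this thread, not the poster's code. The evaluator is a
simplified model of IAM (explicit Deny beats Allow; no matching Allow is an
implicit deny; only StringEquals conditions), not the real service."""
import fnmatch
import json

# Taken from the error message in the question (account id and role name).
LAMBDA_ROLE_ARN = "arn:aws:iam::123456789012:role/myLambdaExecutionRole"


def pass_role_statement(role_arn, service="lambda.amazonaws.com"):
    """Allow passing exactly one role, and only to the named service.

    iam:PassedToService keeps the deployer from handing this role to another
    service (EC2, ECS, ...), which is the usual least-privilege shape."""
    return {
        "Effect": "Allow",
        "Action": "iam:PassRole",
        "Resource": role_arn,
        "Condition": {"StringEquals": {"iam:PassedToService": service}},
    }


def deployer_policy(role_arns, service="lambda.amazonaws.com"):
    """Full policy document granting scoped PassRole for each listed role."""
    return {
        "Version": "2012-10-17",
        "Statement": [pass_role_statement(arn, service) for arn in role_arns],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wild_match(patterns, value, ignore_case):
    # IAM action names are case-insensitive; resource ARNs are case-sensitive.
    for pat in patterns:
        if ignore_case:
            pat, candidate = pat.lower(), value.lower()
        else:
            candidate = value
        if fnmatch.fnmatchcase(candidate, pat):
            return True
    return False


def _statement_applies(stmt, action, resource, context):
    if not _wild_match(_as_list(stmt["Action"]), action, ignore_case=True):
        return False
    if not _wild_match(_as_list(stmt["Resource"]), resource, ignore_case=False):
        return False
    # Only StringEquals is modelled; a context key that is absent does not match.
    for key, expected in stmt.get("Condition", {}).get("StringEquals", {}).items():
        if context.get(key) not in _as_list(expected):
            return False
    return True


def is_allowed(policy, action, resource, context=None):
    """Explicit Deny beats Allow; with no matching Allow the result is implicit deny."""
    context = context or {}
    allowed = False
    for stmt in policy["Statement"]:
        if not _statement_applies(stmt, action, resource, context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def explain(policy, action, resource, context=None):
    """One-line verdict in the style of the CloudFormation message in the question."""
    verdict = "ALLOWED" if is_allowed(policy, action, resource, context) else "NOT AUTHORIZED"
    return f"{verdict}: {action} on {resource}"


if __name__ == "__main__":
    # Constructed sample: the Lambda role's own inline policy (logs only) says
    # nothing about who may pass the role; that is a permission of the deployer.
    lambda_role_policy = {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": ["logs:*"], "Resource": "*"}],
    }
    ctx = {"iam:PassedToService": "lambda.amazonaws.com"}
    print(explain(lambda_role_policy, "iam:PassRole", LAMBDA_ROLE_ARN, ctx))
    deployer = deployer_policy([LAMBDA_ROLE_ARN])
    print(json.dumps(deployer, indent=2))
    print(explain(deployer, "iam:PassRole", LAMBDA_ROLE_ARN, ctx))
    print(explain(deployer, "iam:PassRole", LAMBDA_ROLE_ARN,
                  {"iam:PassedToService": "ec2.amazonaws.com"}))
```

Run it as-is to see that the role's `logs:*` policy does not authorize `iam:PassRole`, while the scoped deployer statement does, but only when the role is passed to Lambda. When the deploying identity is a role assumed through CloudFormation (a service role or a CI role) rather than the caller directly, the same `iam:PassRole` statement belongs on that role; it is worth checking which principal actually appears in the error message, since that is the identity whose policy has to carry it.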