Question

Lambda service throws error execution role does not have permissions to call receiveMessage on SQS

I have a SQS queue and I want to trigger a lambda function when a message arrives in the queue. I have written the lambda function and that works successfully when I click the "Test" button. When I go to SQS and try to configure it as a lambda trigger I see the error message below.

I have created the SQS queue and lambda function using the same user and role and the lambda function has execute permissions against the same role.

I have also added SQS receiveMessage permission, but it doesn't seem to make a difference, unless I'm doing something wrong when I set it.

What could be causing the problem?

Thanks for any help


Solution

 37
  • Hi, as far as I can understand, your Lambda needs the following permission on it: AWS docs
  • Hope it's not in a VPC.

aws_lambda_permission

  • Or maybe give it god mode on sqs:* just for testing.

  • If that works, maybe later on you can go for specific methods only. Attached is a policy for a Lambda role; you might have to change account_number to your account number if you need to invoke another Lambda from this Lambda.

     {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Sid": "",
                 "Effect": "Allow",
                 "Action": "lambda:InvokeFunction",
                 "Resource": "arn:aws:lambda:eu-west-2:account_number:function:*"
             },
             {
                 "Sid": "",
                 "Effect": "Allow",
                 "Action": [
                     "logs:PutLogEvents",
                     "logs:CreateLogStream",
                     "logs:CreateLogGroup"
                 ],
                 "Resource": "*"
             },
             {
                 "Sid": "",
                 "Effect": "Allow",
                 "Action": [
                     "sqs:*"
                 ],
                 "Resource": "*"
             }
         ]
     }
    
2019-04-02

Solution

 23

Although a solution for this may have been achieved by now, since this thread was suggested to me at the top, I will post the answer for other users:

I faced the same issue even after giving SQS full access to the user. The problem is with the Lambda execution role. When a Lambda is created, it needs to be assigned a Lambda execution role. Most users assign the auto-generated execution role while creating the Lambda. That execution role does not have permissions for SQS.

So open lambda >> Click Permissions tab >> edit execution role at the top >> assign SQS permissions >> boom.

[edit]This is now under Configuration >> Permissions

permissions tab showing execution role

2020-09-24
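As an added example (not code from either answer or from AWS), the Python sketch below checks an execution-role policy document for the three SQS actions the Lambda SQS trigger needs on the queue, and flags statements that grant them through a wildcard such as the `sqs:*` testing policy. The queue ARN, account id and the three sample roles are constructed, and the evaluation is simplified (Allow statements only).

```python
import fnmatch

# Actions Lambda's SQS poller calls with the function's execution role (the
# SQS actions in the AWS managed policy AWSLambdaSQSQueueExecutionRole).
REQUIRED = ("sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy, queue_arn):
    """Return (missing, broad): required actions not allowed on queue_arn, and
    indexes of Allow statements granting them through a "*" wildcard.
    Simplified check: ignores Deny, NotAction, NotResource and Condition."""
    granted, broad = set(), []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        actions = _as_list(stmt["Action"])
        resources = _as_list(stmt.get("Resource", []))
        # IAM action names match case-insensitively; ARNs are case-sensitive.
        hits = {r for r in REQUIRED
                if any(fnmatch.fnmatchcase(r.lower(), a.lower()) for a in actions)}
        if not hits:
            continue
        if any(fnmatch.fnmatchcase(queue_arn, res) for res in resources):
            granted |= hits
        if any("*" in item for item in actions + resources):
            broad.append(i)
    return [a for a in REQUIRED if a not in granted], broad

# Constructed sample data: placeholder account id and queue name.
QUEUE_ARN = "arn:aws:sqs:eu-west-2:111122223333:example-queue"
LOGS = {"Effect": "Allow", "Resource": "*", "Action": [
    "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]}
AUTO_ROLE = {"Version": "2012-10-17", "Statement": [LOGS]}  # logs only
TEST_ROLE = {"Version": "2012-10-17", "Statement": [
    LOGS, {"Effect": "Allow", "Action": ["sqs:*"], "Resource": "*"}]}
SCOPED_ROLE = {"Version": "2012-10-17", "Statement": [
    LOGS, {"Effect": "Allow", "Action": list(REQUIRED), "Resource": QUEUE_ARN}]}

if __name__ == "__main__":
    for name, doc in [("auto", AUTO_ROLE), ("test", TEST_ROLE), ("scoped", SCOPED_ROLE)]:
        missing, broad = audit(doc, QUEUE_ARN)
        print(f"{name}: missing={missing} wildcard_statements={broad}")
```

A role that reports nothing missing and no wildcard statements lets the trigger work while limiting the function to the one queue it consumes.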