
I have a Flask project that is deployed to AWS Lambda using Zappa, and it works fine. I'm trying to add an event in zappa_settings.json to run a function regularly. The settings config that was working (without events) was:

{
    "dev": {
        "app_function": "app.app",
        "profile_name": "default",
        "project_name": "contactclipper2",
        "runtime": "python3.8",
        "s3_bucket": "zappa-i4hsr8rya",
        "aws_region": "us-west-2",
        "keep_warm": false,
        "use_precompiled_packages": false,
        "memory_size": 3008
    }
}

and I added these two lines, so the settings changed to:

{
    "dev": {
        "app_function": "app.app",
        "profile_name": "default",
        "project_name": "contactclipper2",
        "runtime": "python3.8",
        "s3_bucket": "zappa-i4hsr8rya",
        "aws_region": "us-west-2",
        "keep_warm": false,
        "use_precompiled_packages": false,
        "memory_size": 3008,
        "events": [{
            "function": "alerts.test_alert",
            "expression": "rate(1 minute)"
        }]
    }
}

But now I can't update or schedule the project and I get this error:

botocore.exceptions.ClientError: An error occurred (ValidationException) when calling the PutRule operation: Provided role 'arn:aws:iam::199151782709:role/contactclipper2-dev-ZappaLambdaExecutionRole' cannot be assumed by principal 'events.amazonaws.com'.

This is the role's trust entities: image

What should I do to fix this and have a working event (cron job)?

Saeed Esmaili

1 Answer


I was stuck with the same error for quite a while before I eventually found the solution described here: https://stackoverflow.com/a/41915180.

I had the following role and ARN specified in my zappa_settings.json:

"role_name": "MyRoleName", 
"role_arn": "arn:aws:iam::<myacountnumber>:role/MyRoleName" 

Following the example provided by alexanderbird, I changed my ARN as follows:

"role_arn": "arn:aws:iam::<myacountnumber>:role/service-role/MyRoleName" 

Adding in "service-role" cleared the ValidationException pointing to the PutRule operation, caused by the incorrect ARN.

Andre
  • For an example custom policy to attach to your custom role, have a look here: https://github.com/Miserlou/Zappa/issues/244. The latest one mentioning "events:PutRule" should be a good place to start. – Andre Feb 11 '21 at 00:17
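
The two causes discussed in this thread (a configured role ARN that lacks the role's path, and a trust policy that does not list `events.amazonaws.com`) can both be checked offline against the output of `aws iam get-role`. The script below is an added example, not code from the question, the answer or Zappa; the account ID, the sample role document and the function names are constructed for illustration, and it ignores `Condition` blocks and wildcard actions.

```python
import json

# Constructed sample shaped like `aws iam get-role` output (not from the page).
SAMPLE_GET_ROLE = json.loads("""
{"Role": {
  "Arn": "arn:aws:iam::123456789012:role/service-role/MyRoleName",
  "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": ["lambda.amazonaws.com", "apigateway.amazonaws.com"]},
    "Action": "sts:AssumeRole"}]}
}}
""")

def _as_list(value):
    """IAM accepts a single item or a list for Statement, Service and Action."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def trusted_services(trust_policy):
    """Service principals that an Allow statement lets call sts:AssumeRole."""
    services = set()
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        # Skip Deny statements and non-service principals such as "*".
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if "sts:assumerole" in actions:
            services.update(_as_list(principal.get("Service")))
    return services

def check_role(get_role_output, configured_arn,
               needed=("lambda.amazonaws.com", "events.amazonaws.com")):
    """Return a list of findings; an empty list means neither problem was found."""
    role = get_role_output["Role"]
    findings = []
    if configured_arn != role["Arn"]:  # e.g. missing "service-role/" path
        findings.append(f"role_arn mismatch: configured {configured_arn}, actual {role['Arn']}")
    trusted = trusted_services(role["AssumeRolePolicyDocument"])
    findings += [f"trust policy does not allow {s}" for s in needed if s not in trusted]
    return findings

if __name__ == "__main__":
    # Hypothetical zappa_settings.json role_arn without the path component.
    for finding in check_role(SAMPLE_GET_ROLE, "arn:aws:iam::123456789012:role/MyRoleName"):
        print(finding)
```

To run it against a real role, replace `SAMPLE_GET_ROLE` with the parsed JSON from `aws iam get-role --role-name <name>` and pass the `role_arn` value from zappa_settings.json.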