
I have created three security groups in the same VPC:

  1. For lambda-SG, I gave an inbound rule for RDS-SG, RDS-Proxy, RDS-Lamda with port 5432.
  2. For RDS-SG, I gave the same 3 rules as above.
  3. For RDS-Proxy, I also gave the same rules.

The Lambda function throws this exception.

When I went to the CloudWatch logs of RDS-Proxy, I got the exception given below.

Credentials couldn't be retrieved. The IAM role provided with the ARN "arn:aws:iam::--------:role/service-role/abc" couldn't be assumed. Make sure that this IAM role is set up correctly for this use.

I also mentioned the role policy for secret, rds, kms. I cannot solve this error. Is there anyone who can help me out? That would be much appreciated.

  • What is the trust relationship of the role? – luk2302 Jun 22 '22 at 10:14
  • { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::---------:role/service-role/abc", "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } – muhammad adeel Jun 22 '22 at 10:16
  • And the role is supposed to be assumed by Lambda? https://aws.amazon.com/blogs/compute/using-amazon-rds-proxy-with-aws-lambda/ says rds.amazonaws.com should be allowed to assume it. – luk2302 Jun 22 '22 at 10:26
  • I am getting this error now: "Calling the invoke API action failed with this message: The role defined for the function cannot be assumed by Lambda" – muhammad adeel Jun 22 '22 at 10:39
  • Mhm, you can try adding both services, not entirely sure how this is supposed to work either. Just basically guessing, looking at the docs. – luk2302 Jun 22 '22 at 10:41
  • I have added both services but got --> Error: This RDS proxy has no credentials for the role of Postgres. Check the credentials for this role and try again.", – muhammad adeel Jun 22 '22 at 13:12

0 Answers
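The trust-relationship question raised in the comments can be checked offline. The following is an added example, not part of the original thread: it lists which service principals a trust policy lets call `sts:AssumeRole`, so the proxy's role can be checked for `rds.amazonaws.com` (per the AWS blog linked above) and the function's role for `lambda.amazonaws.com`. The function names and the `ACCOUNT_ID` placeholder are assumptions, and `Deny` statements and `Condition` blocks are not evaluated.

```python
import json

def _as_list(value):
    """IAM accepts either a single string or a list for Statement, Action and Service."""
    return value if isinstance(value, list) else [value]

def services_allowed_to_assume(trust_policy):
    """Return the service principals granted sts:AssumeRole by Allow statements.

    Simplification (assumption of this example): Deny statements and
    Condition blocks are ignored, so this is a first-pass check only.
    """
    allowed = set()
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):
            allowed.update(_as_list(principal.get("Service", [])))
    return allowed

def missing_services(trust_policy, required):
    """Return the required service principals the policy does not trust."""
    return sorted(set(required) - services_allowed_to_assume(trust_policy))

# Trust policy as posted in the comments; ACCOUNT_ID is a placeholder
# for the redacted account number.
POSTED_POLICY = json.loads("""
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow",
  "Principal": { "AWS": "arn:aws:iam::ACCOUNT_ID:role/service-role/abc",
                 "Service": "lambda.amazonaws.com" },
  "Action": "sts:AssumeRole" } ] }
""")

# Constructed variant with both services, as tried later in the thread.
BOTH_SERVICES_POLICY = json.loads("""
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow",
  "Principal": { "Service": ["lambda.amazonaws.com", "rds.amazonaws.com"] },
  "Action": "sts:AssumeRole" } ] }
""")

if __name__ == "__main__":
    for name, policy in [("posted", POSTED_POLICY), ("both", BOTH_SERVICES_POLICY)]:
        print(name, "missing for RDS Proxy:",
              missing_services(policy, ["rds.amazonaws.com"]))
```

A policy that passes this check still needs permission policies that let the proxy read the secret, which is what the last error in the thread concerns.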