Error "The execution role you provide must allow AWS EventBridge Scheduler to assume the role."

Question

I'm creating a role to reboot automatically an EC2 instance. But I'm getting this error "The execution role you provide must allow AWS EventBridge Scheduler to assume the role."

In the role, I've added those permissions

I know it's mostly too much but still not enough cause I'm getting the error... Any idea ?

Can you please add how did you create the execution role and how are you trying to attached it to the EventBridge Scheduler? — Arpit Jain, Apr 24 '23 at 11:33
I just created manually a role in IAM and a eventbride rule manually too. Not sure to understand your question — MathKimRobin, Apr 24 '23 at 12:43
What policies did you add when you created an execution role? You need to allow EventBridge Scheduler assumes the execution role in order to interact with other AWS services on your behalf ie you need to add a trust policy that allows EventBridge Scheduler to assume the role on your behalf and also attach permission policies to this role to grant EventBridge Scheduler access to invoke targets which you already did. — Arpit Jain, Apr 24 '23 at 14:35

Arpit Jain · Answer 1 · 2023-04-24T15:06:57.960

13

You need to add the below trust policy to your execution role which will allow EventBridge Scheduler to assume the role.

Open IAM Console → In the navigation pane of the console, choose Roles and then choose your role → Select Trust Relationship tab → Click on Edit trust Policy and add the below policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "scheduler.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

edited Apr 24 '23 at 15:06

answered Apr 24 '23 at 14:40

Arpit Jain

1,599
9
23

1

Also `Service` in the trust policy should be `scheduler.amazonaws.com` not `events.amazonaws.com`. – Arpit Jain Apr 28 '23 at 05:14
Yo this worked for me! Thanks! +1 – DevOpsSauce Jun 25 '23 at 02:17
@DevOpsSauce, glad to know it worked for you :) – Arpit Jain Jun 25 '23 at 04:40

score 0 · Answer 2 · answered Apr 24 '23 at 14:39

Since the error message indicates EventBridge Scheduler is unable to assume the role, you are probably missing the IAM piece that allows the "sts:AssumeRole" action. This doc for IAM describes where you need to add these permissions.

"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::account_id_number:role/role-name-you-want-to-assume"

Error "The execution role you provide must allow AWS EventBridge Scheduler to assume the role."

2 Answers2

Linked