I am trying to access a Lambda function using iOS Swift, and here is my setup:

AWS Role
- RoleName: ALLOW_LAMBDA_EXECUTE
- With Policy access to AWS Lambda full access, AWS Lambda execute, AmazonCognitoDeveloperAuthenticatedIdentities
- Trust Relationship: Allow services: lambda.amazonaws.com and condition has Cognito identity with "unauthenticated"
- Cognito Identity Pool: Has the role ALLOW_LAMBDA_EXECUTE under unauthenticated role
- Unauthenticated Identities: Has Enable access to unauthenticated identities checked
- In Lambda, for function GetProcess(), has ExecutionRole: ALLOW_LAMBDA_EXECUTION
With all these, when I execute the same using my iPhone app (with simulator), I get this error:
"x-amzn-errortype" = **AccessDeniedException**;
-[AWSJSONResponseSerializer responseObjectForResponse:originalRequest:currentRequest:data:error:] | Response body:
**{"Message":"The role defined for the function cannot be assumed by Lambda."}**
Am I missing anything here?
After a lot of deliberation, going through multiple docs and doing some R&D, things started working.
Yes, the Trust Relationship should have lambda execute and Action: sts:AssumeRoleWithWebIdentity, and it should have the condition.
Now, this will not work well with Lambda's role because it cannot assume the role, which I think makes sense as it has little power to do so.
Hence I have created 2 different roles:
- Role 1: with the above trust relationship, assigned to Cognito federated identity access
- Role 2: without changes in the trust relationship, assigned to the Lambda role

Now both my iOS access works with Cognito identity and also AWS APIMicroServices...
Indeed took a while to crack this.
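
The two trust relationships from the answer above, and the mixed one from the question, modelled as an added example (not code from the original post). The evaluator is a simplified stand-in for IAM that handles only the two condition operators used here; the pool ID is a placeholder and the request contexts are constructed.

```python
# Simplified model of IAM trust-policy evaluation (assumption: only the
# principal types and condition operators used on this page are modelled).
from fnmatch import fnmatchcase

POOL_ID = "us-east-1:EXAMPLE-POOL-ID"  # placeholder, not a real identity pool
COGNITO = "cognito-identity.amazonaws.com"

def cognito_conditions():
    return {"StringEquals": {COGNITO + ":aud": POOL_ID},
            "ForAnyValue:StringLike": {COGNITO + ":amr": "unauthenticated"}}

def statement(principal_type, principal, action, condition=None):
    return {"Effect": "Allow", "Principal": {principal_type: principal},
            "Action": action, "Condition": condition or {}}

# Role 1: assumed by the app through the Cognito identity pool.
COGNITO_ROLE = statement("Federated", COGNITO, "sts:AssumeRoleWithWebIdentity",
                         cognito_conditions())
# Role 2: the function's execution role, assumed by the Lambda service.
LAMBDA_ROLE = statement("Service", "lambda.amazonaws.com", "sts:AssumeRole")
# Setup from the question: Lambda principal plus the Cognito condition.
MIXED_ROLE = statement("Service", "lambda.amazonaws.com", "sts:AssumeRole",
                       cognito_conditions())

def condition_holds(operator, key, expected, context):
    if key not in context:  # a missing key fails both operators below
        return False
    actual = context[key]
    if operator == "StringEquals":
        return actual == expected
    if operator == "ForAnyValue:StringLike":
        return any(fnmatchcase(value, expected) for value in actual)
    raise ValueError("operator not modelled: " + operator)

def can_assume(stmt, principal_type, principal, action, context):
    if stmt["Principal"].get(principal_type) != principal or stmt["Action"] != action:
        return False
    return all(condition_holds(op, key, value, context)
               for op, pairs in stmt["Condition"].items()
               for key, value in pairs.items())

# Constructed request contexts for the two callers.
APP = ("Federated", COGNITO, "sts:AssumeRoleWithWebIdentity",
       {COGNITO + ":aud": POOL_ID, COGNITO + ":amr": ["unauthenticated"]})
LAMBDA = ("Service", "lambda.amazonaws.com", "sts:AssumeRole", {})  # no Cognito keys

if __name__ == "__main__":
    for name, role in [("cognito", COGNITO_ROLE), ("lambda", LAMBDA_ROLE), ("mixed", MIXED_ROLE)]:
        print(name, "app:", can_assume(role, *APP), "lambda:", can_assume(role, *LAMBDA))
```

The mixed role is usable by neither caller: the Lambda service's request carries no Cognito condition keys, and the app's request does not match the service principal.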