We are building an AWS workflow where SNS triggers a Lambda, which pushes messages to SQS, and another Lambda reads from SQS and sends emails using SES. To achieve this, we created custom IAM roles (lambda-sqs-ses-role, etc.) that the Lambda functions should assume.
Error Message -
operation error Lambda: CreateFunction, https response error StatusCode: 403,
api error AccessDeniedException: User: arn:aws:iam:::user/kk_labs_user_448879
is not authorized to perform: iam:PassRole on resource:
arn:aws:iam:::role/lambda-sqs-ses-role_vd
because no identity-based policy allows the iam:PassRole action
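
The error says the caller's identity-based policy has no statement allowing `iam:PassRole` on the role handed to `CreateFunction`. The following is an added example, not part of the original post: a simplified offline check of whether a policy document grants that permission and whether the grant is scoped to the one role and to Lambda. The account ID `111122223333`, the three sample policies and the function names are constructed for illustration.

```python
import re

# Constructed sample data. 111122223333 is a placeholder account ID (the page's
# ARNs have none); the role name is the one in the error message.
ROLE_ARN = "arn:aws:iam::111122223333:role/lambda-sqs-ses-role_vd"

# Least-privilege grant: only this role, only when handed to Lambda.
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "iam:PassRole", "Resource": ROLE_ARN,
    "Condition": {"StringEquals": {"iam:PassedToService": "lambda.amazonaws.com"}}}]}
# Works, but lets the user pass any role to any service.
BROAD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}
# The situation in the error: Lambda rights but no iam:PassRole.
MISSING = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "lambda:CreateFunction", "Resource": "*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def audit_passrole(policy, role_arn, service="lambda.amazonaws.com"):
    """Simplified identity-policy check for iam:PassRole on role_arn.

    Handles Action/Resource wildcards, explicit Deny and a StringEquals
    iam:PassedToService condition; NotAction, NotResource and all other
    conditions are ignored (a stated simplification of this example).
    """
    findings = set()
    for st in _as_list(policy.get("Statement", [])):
        if not any(_match(a.lower(), "iam:passrole") for a in _as_list(st.get("Action", []))):
            continue
        hits = [r for r in _as_list(st.get("Resource", [])) if _match(r, role_arn)]
        if not hits:
            continue
        if st.get("Effect") == "Deny":
            return ["explicit-deny"]
        passed_to = st.get("Condition", {}).get("StringEquals", {}).get("iam:PassedToService")
        if passed_to is not None and service not in _as_list(passed_to):
            continue  # grant exists but not for this service
        findings.add("allowed")
        if passed_to is None:
            findings.add("missing-service-condition")
        if any("*" in r for r in hits):
            findings.add("wildcard-resource")
    return sorted(findings) or ["not-allowed"]
```

`SCOPED` is the shape of statement to attach to the user that creates the functions; `BROAD` also clears the error but is flagged because it allows passing any role to any service.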