Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Enabling XRay tracing on an existing stack fails

See original GitHub issue

Bug Report

Description

When enabling AWS X-Ray tracing on an existing stack, the update fails with the following error:

An error occurred: HelloLambdaFunction - The provided execution role does not have permissions to call PutTraceSegments on XRAY (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: ********-****-****-****-************).

This error does not seem to be reproducible 100% of the time and appears to be a race to update the Lambda Execution role and the function itself.

These CloudFormation logs show the IamRoleUpdate commenced after the function configuration update:

What did you do?
- Deploy a Serverless stack with tracing disable
- Update provider.tracing.lambda to true
- Re-deploy the stack
What happened?
- The error The provided execution role does not have permissions to call PutTraceSegments on XRAY is returned and the stack does not update
What should’ve happened?
- The stack updates, grants the necessary permissions to the execution role, and enables Lambda X-Ray tracing

What’s the content of your serverless.yml file?

Initial stack creation:

service:
  name: xray-permissions

provider:
  name: aws
  runtime: nodejs10.x

functions:
  hello:
    handler: handler.hello
    events:
      - http:
          method: get
          path: hello

Update:

service:
  name: xray-permissions

provider:
  name: aws
  runtime: nodejs10.x
  tracing:
    lambda: true # This has been enabled after creation

functions:
  hello:
    handler: handler.hello
    events:
      - http:
          method: get
          path: hello

What’s the output you get when you use the SLS_DEBUG=* environment variable (e.g. SLS_DEBUG=* serverless deploy)
- I didn’t manage to capture this debug information but will update the information when I can reproduce the issue reliably.

Similar or dependent issues:

#3495

Issue Analytics

State:
Created 4 years ago
Reactions:1
Comments:19 (9 by maintainers)

Top GitHub Comments

1reaction

medikoocommented, Apr 21, 2020

@jamesmbourne thanks for report. Technically this can happen when you provide a custom execution role (via provider.role or via role directly in a function configuration).

Can you confirm it’s not the case?

As, if default role is used, exactly those permissions are set: https://github.com/serverless/serverless/blob/55c259f994b0062d60c64407f0bec6f17ef44d57/lib/plugins/aws/package/compile/functions/index.js#L319-L332

0reactions

medikoocommented, Sep 10, 2020

@bisoldi it means that it needs to be reported at plugin repository, as it’s an issue over there

Top Results From Across the Web

Enable Tracing for a Project - AWS CodeStar

AWS X-Ray offers tracing, which you can use to analyze performance behavior of distributed applications (for example, latencies in response times).

Enabling AWS X-Ray on AWS Lambda

Another issue is when you have an existing stack/role that you want to add the X-Ray permissions to and enable TraceConfig in the...

Tips and Tricks: Ray Tracing Best Practices

This post presents best practices for implementing ray tracing in games and other real-time graphics applications.

OptiX does not show up - ParaView Support

But when I enable ray tracing OptiX backend is not available. ... in comm 0): Fatal error in PMPI_Init: Other MPI error, error...

Minecraft with Ray Tracing and Advanced Graphics FAQ

Download ray tracing enabled packs in the Minecraft Marketplace. Many free worlds featuring PBR and ray tracing are available in the Minecraft Marketplace,...