When I add SQS queue as a destination for my Lambda function, I am getting an error “Role xxx trusts too many services, expected only 1”. How can I solve this issue?

// troubleshooting

In addition to the error message, I noticed there is an information message saying “Your function’s execution role doesn’t have permission to send result to the destination. By clicking save we’ll attempt to add permission to the role for you”. I did an experiment in my account and I found this error is thrown by the operation createPolicyForServiceRole.

// solution

As you know, to send events to a destination, the function needs additional permissions. You need to add a policy with the required permissions to your function’s execution role (it is sqs:SendMessage in this case) [1]. So you may need to review the execution role and make sure it has the permission sqs:SendMessage on the SQS queue which you want to use for the destination.

Reference:

[1] Asynchronous invocation – Configuring destinations for asynchronous invocation – https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations