By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Error Message connecting Lambda VPC with DocumentDb: The provided execution role does not have permissions to call CreateNetworkInterface on EC2

0

I want to access DocumentDb in my Lambda function. I try to configure my VPC in the Edit VPC page for my lambda function but I get this error message that stops me;

The provided execution role does not have permissions to call CreateNetworkInterface on EC2 How do I fix this?

Topics
Networking & Content DeliveryServerlessCompute
Tags
Amazon VPCAWS Lambda
Language
English
rePost-User-4365712
asked a year ago3429 views
1 Answer
2
Accepted Answer

Hi,

The Lambda function execution role must have permissions to create, describe and delete ENIs. AWS Lambda provides a permissions policy, AWSLambdaVPCAccessExecutionRole, with permissions for the necessary EC2 actions (ec2:CreateNetworkInterface, ec2:DescribeNetworkInterfaces, and ec2:DeleteNetworkInterface) that you can use when creating a role

Simply add these permissions into the Lambda IAM roles policy as below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterface",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DeleteNetworkInterface"
            ],
            "Resource": "*"
        }
    ]
}

See this also: https://repost.aws/knowledge-center/lambda-permissions-issues.

Hope it helps and if it does, I would appreciate answer to be accepted, so that community can benefit for clarity when searching for similar issues, thanks ;)

profile picture
EXPERT
Antonio_Lagrotteria
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content