1 Answer
Hi,
The Lambda function execution role must have permissions to create, describe and delete ENIs. AWS Lambda provides a permissions policy, AWSLambdaVPCAccessExecutionRole, with permissions for the necessary EC2 actions (ec2:CreateNetworkInterface, ec2:DescribeNetworkInterfaces, and ec2:DeleteNetworkInterface) that you can use when creating a role.
Simply add these permissions to the Lambda IAM role's policy as below:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterface",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DeleteNetworkInterface"
            ],
            "Resource": "*"
        }
    ]
}
```
See this also: https://repost.aws/knowledge-center/lambda-permissions-issues.
Hope it helps, and if it does, I would appreciate the answer being accepted, so that the community can benefit from the clarity when searching for similar issues, thanks ;)
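An offline check for the three ENI actions named in the answer above, added here as an example and not part of the original answer or any AWS tooling. The function name `missing_eni_actions` and the sample policy are constructed for illustration, and the check assumes an identity policy in JSON form; it ignores `Resource`, `Condition` and `NotAction`, so treat a clean result as necessary rather than sufficient.

```python
import json
from fnmatch import fnmatchcase

# Actions the answer above lists as required for a VPC-attached function.
REQUIRED = (
    "ec2:CreateNetworkInterface",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DeleteNetworkInterface",
)

def _as_list(value):
    """IAM accepts either a single value or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action names are case-insensitive; * and ? act as wildcards.
    return fnmatchcase(action.lower(), pattern.lower())

def missing_eni_actions(policy_json):
    """Return the required actions that are not allowed, or are explicitly denied.

    Simplification (assumption): any matching Allow counts as granted and any
    matching Deny counts as blocked, regardless of Resource or Condition.
    """
    allowed, denied = set(), set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        patterns = _as_list(stmt.get("Action", []))
        hits = {a for a in REQUIRED if any(_matches(p, a) for p in patterns)}
        if stmt.get("Effect") == "Allow":
            allowed |= hits
        elif stmt.get("Effect") == "Deny":
            denied |= hits  # an explicit Deny overrides any Allow
    return [a for a in REQUIRED if a not in allowed or a in denied]

# Constructed sample: logging permissions plus two of the three ENI actions.
SAMPLE_INCOMPLETE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "logs:*", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["ec2:CreateNetworkInterface", "ec2:Describe*"],
         "Resource": "*"},
    ],
})

if __name__ == "__main__":
    print(missing_eni_actions(SAMPLE_INCOMPLETE))
```

Run it against the policy document attached to the function's execution role; an empty list means all three actions are matched by an Allow statement and none by a Deny.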