When you create a function, by default Lambda will automatically create an IAM execution role for the function. To do that, your IAM user will require the iam:CreateRole permission, which it looks like it doesn't currently. To do this, they could create a new policy that includes that permission and attach it to your IAM user.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_delegate-permissions_examples.html
It's important to bear in mind when granting permissions to IAM that some of these could allow a user with restricted permissions to escalate their privileges - for example, by allowing them to add additional permissions to their IAM user, or by creating and assuming a more privileged role.
Alternatively, if an appropriate Lambda service role already exists in the account, or could be created by another user, you can expand the Change default execution role section and select it, instead of creating a new role.
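An added example, not part of the original answer: a small Python check that flags policy statements allowing role- or policy-changing IAM actions on every resource with no condition, which is the kind of grant the escalation warning above concerns. Both policies, the account ID, the role path and the boundary policy name are constructed placeholders.

```python
import fnmatch

# Real IAM actions that can change what an identity is allowed to do.
SENSITIVE = ["iam:CreateRole", "iam:AttachRolePolicy", "iam:PutRolePolicy",
             "iam:AttachUserPolicy", "iam:PutUserPolicy", "iam:PassRole"]

def as_list(value):
    return value if isinstance(value, list) else [value]

def risky_grants(policy):
    """Return (Sid, action) pairs where a sensitive action is allowed on
    Resource "*" with no Condition. NotAction/NotResource are not evaluated."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        patterns = [p.lower() for p in as_list(stmt.get("Action", []))]
        for action in SENSITIVE:
            if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                findings.append((stmt.get("Sid", "<no Sid>"), action))
    return findings

# Constructed sample: role creation and policy attachment with no limits.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Broad", "Effect": "Allow", "Resource": "*",
     "Action": ["lambda:CreateFunction", "iam:CreateRole", "iam:Attach*"]}]}

# Constructed sample: the same need, limited to one role path, a required
# permissions boundary, and roles passed only to Lambda.
ROLE_PATH = "arn:aws:iam::111122223333:role/lambda/*"           # placeholder
BOUNDARY = "arn:aws:iam::111122223333:policy/LambdaBoundary"    # placeholder
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "CreateBoundedRole", "Effect": "Allow", "Resource": ROLE_PATH,
     "Action": "iam:CreateRole",
     "Condition": {"StringEquals": {"iam:PermissionsBoundary": BOUNDARY}}},
    {"Sid": "PassToLambdaOnly", "Effect": "Allow", "Resource": ROLE_PATH,
     "Action": "iam:PassRole",
     "Condition": {"StringEquals":
                   {"iam:PassedToService": "lambda.amazonaws.com"}}}]}

if __name__ == "__main__":
    for name, doc in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, risky_grants(doc))
```

A clean result only means no unconstrained wildcard grant was found; it does not evaluate whether a condition or resource scope is tight enough.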