vahdet

Reputation: 6749

The proper AWS managed policy to attach to an IAM Role to execute Lambda Functions

So, I have created a role via AWS IAM service. Initially, it only has the AWS managed policy AWSAppSyncPushToCloudWatchLogs.

Now I want to make this role capable of executing Lambda functions and nothing more (you know, a good security structure should not permit a bit more than what is needed).

To do that, which AWS managed policy(-ies) should I attach to the IAM Role?

PS: The role will be used by AWS AppSync, if this information is crucial.

Upvotes: 1

Views: 1950

Answers (1)

budcsr

Reputation: 56

You can attach the managed policy AWSLambdaRole. This grants permissions for your role to invoke any Lambda function.

Policy statement:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "lambda:InvokeFunction"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

Please refer to https://docs.aws.amazon.com/lambda/latest/dg/access-control-identity-based.html#access-policy-examples-aws-managed for more details.

Upvotes: 4
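As an added example (not part of the answer above and not AWS's own code): the AWSLambdaRole statement allows invoking every function in the account, so this Python example flags that wildcard grant and builds a customer-managed policy limited to named functions. The function ARN and the helper names are constructed for illustration.

```python
import json
import re
from fnmatch import fnmatchcase

# Statement from the AWSLambdaRole managed policy quoted in the answer above.
AWS_LAMBDA_ROLE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["lambda:InvokeFunction"],
                   "Resource": ["*"]}],
}

# Unqualified function ARN; wildcards are not accepted in any field.
FUNCTION_ARN = re.compile(
    r"^arn:aws[a-z-]*:lambda:[a-z0-9-]+:\d{12}:function:[A-Za-z0-9_-]+$")


def _as_list(value):
    """IAM lets Statement, Action and Resource be a single item or a list."""
    return value if isinstance(value, list) else [value]


def wildcard_invoke_statements(policy):
    """Return Allow statements granting lambda:InvokeFunction on Resource "*"."""
    hits = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        grants_invoke = any(fnmatchcase("lambda:invokefunction", a) for a in actions)
        if grants_invoke and "*" in _as_list(stmt.get("Resource", [])):
            hits.append(stmt)
    return hits


def scoped_invoke_policy(function_arns):
    """Build a customer-managed policy limited to the named functions."""
    resources = []
    for arn in function_arns:
        if not FUNCTION_ARN.match(arn):
            raise ValueError(f"not a concrete function ARN: {arn!r}")
        resources += [arn, arn + ":*"]  # ":*" covers versions and aliases
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Action": "lambda:InvokeFunction",
                           "Resource": resources}]}


if __name__ == "__main__":
    # Constructed placeholder ARN, not a value from the page.
    arn = "arn:aws:lambda:us-east-1:123456789012:function:example-resolver"
    print(len(wildcard_invoke_statements(AWS_LAMBDA_ROLE)), "wildcard statement(s)")
    print(json.dumps(scoped_invoke_policy([arn]), indent=2))
```

The checker only inspects `Action` and `Resource`; statements that use `NotAction` or `NotResource` need separate review.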
