Snowcrash

Reputation: 86267

What are the default IAM permissions for a Lambda ARN?

Assuming you create a Lambda ARN and Publish it, what are the default IAM permissions for that Lambda ARN?

i.e. can anyone go ahead and use it if they have the ARN?

Upvotes: 0

Views: 300

Answers (1)

K Mo

Reputation: 2155

When you create a lambda, you have to assign an IAM role to it. There are no predefined roles, although there are some predefined policies that you can assign to a role. As a minimum you would want to allow it to write logs to CloudWatch. If you wanted the lambda to access an S3 bucket, that policy would need to be assigned to the role.

The role you assign to a Lambda only defines what that Lambda can do, not what can invoke it. You can assign triggers for other AWS services to invoke the Lambda, but you can't, say, set a policy in the lambda role or trigger that would allow anything to invoke it.

If you wanted to invoke the lambda directly (e.g. through an SDK), you would need an IAM role that had permission to invoke that lambda.

The ARN (Amazon Resource Name) is just a naming convention that AWS uses to find something.

Upvotes: 1
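To check who can invoke a function, as opposed to what its execution role lets it do, you can audit the function's resource-based policy (the JSON document returned by Lambda's GetPolicy API). The following is an added example, not part of the answer above; the sample policy, account ID, ARNs and Sids are constructed, and the function names are hypothetical.

```python
import json
from fnmatch import fnmatchcase

INVOKE = ("lambda:invokefunction", "lambda:invokefunctionurl")
# Condition keys that narrow a wildcard principal to known callers.
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount", "aws:principalorgid"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _grants_invoke(statement):
    patterns = [a.lower() for a in _as_list(statement.get("Action", []))]
    return any(fnmatchcase(target, p) for p in patterns for target in INVOKE)

def _condition_keys(statement):
    return {k.lower() for block in statement.get("Condition", {}).values() for k in block}

def open_invoke_statements(policy_json):
    """Return the Sids of Allow statements that let any principal invoke."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _grants_invoke(stmt):
            continue
        if _is_wildcard(stmt.get("Principal")) and not _condition_keys(stmt) & SCOPING_KEYS:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

# Constructed sample policy (account ID, ARNs and Sids are made up).
SAMPLE_POLICY = json.dumps({
    "Statement": [
        {"Sid": "s3-trigger", "Effect": "Allow",
         "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "lambda:InvokeFunction",
         "Condition": {"ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-bucket"}}},
        {"Sid": "one-account", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "lambda:InvokeFunction"},
        {"Sid": "anyone", "Effect": "Allow", "Principal": "*",
         "Action": "lambda:Invoke*"},
        {"Sid": "org-only", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "lambda:InvokeFunction",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    ],
})
```

Only the `anyone` statement is reported: it pairs a wildcard principal with an invoke action and has no condition restricting the caller.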
