Reputation: 9305
Policy to allow lambda:InvokeFunction to an IAM Assumed Role
I am using trying to invoke a Lambda from another Lambda, I am getting the error:
AccessDeniedException: User: [role ARN] is not authorized to perform: lambda:InvokeFunction on resource: [Lambda ARN]
After researching, I found put that I need to attach a Policy to the IAM user to allow the action.
I'm wondering if there's any AWS Managed Policy which allows lambda:InvokeFunction?
If not, what would be the best minimalist policy JSON to create?
Upvotes: 7
Views: 21309
Answers (1)
Reputation: 2727
A managed role would be the AWSLambdaRole.
If you want to create it on your own:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "lambda:InvokeFunction",
"Effect": "Allow",
"Resource": "<ARN of the function which is allowed to be invoked>"
}
]
}
For the ARN (Amazon Resource Name) you could also put * (then all functions are allowed to be invoked). Also, you could provide a list of multiple function ARNs.
Upvotes: 11
Related Questions
- Variable in AWS IAM role to grant permissions to Lambda function
- Using existing IAM role when creating AWS Lambda Function
- How apply caller IAM policy to lambda function execution?
- Run AWS lambda as an IAM user
- How to make a role assumable by given lambda function?
- Permission for IAM user to create lambda function
- Cross account role for an AWS Lambda function
- Running an AWS Lambda function Under Different IAM Roles
- The proper AWS managed policy to attach an IAM Role to execute Lambda Functions
- IAM Roles Assume Role Permission