Reputation: 16264
How to grant full access to just one Lambda function
I have created an IAM user in my AWS account for someone to assist me in a project.
How do I grant full access for this user to one specified Lambda function?
By full access, I mean he has the same rights as me (root account) regarding this one function, and not do other things like creating new functions or viewing other functions.
Upvotes: 0
Views: 5932
Answers (1)
Reputation: 270104
First, be careful what you mean by "full access". This would include the ability to delete the function, which is probably not something you'd like to allow.
Take a look at: Actions, Resources, and Condition Keys for AWS Lambda - AWS Identity and Access Management
It lists all Lambda-related actions. You'll notice that many of the entries have function listed in the Resource Types column. This means you can limit the permission being granted to only the stated function(s). So, you'll probably want to limit permission only to those actions that can be restricted by function.
The result would be a policy similar to:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration"
],
"Resource": "arn:aws:lambda:ap-southeast-2:123456789012:function:my-function"
}
]
}
Upvotes: 2
Related Questions
- Variable in AWS IAM role to grant permissions to Lambda function
- AWS IAM Lambda "is not authorized to perform: lambda:GetFunction"
- Giving access to AWS Lambda service with limited policy
- Run Lambda function with same permissions as user invoking API Gateway endpoint
- AWS AccessDeniedException for lambda ListFunctions on a IAM user
- How to wildcard aws lambda function permission in resource
- Permission for IAM user to create lambda function
- Running an AWS Lambda function Under Different IAM Roles
- AWS lambda AccessDeniedException calling another lambda function
- In 2018, what is the correct way to allow invocation of a single lambda function?