Where in the IAM can I see the policy configured using aws lambda add-permission?

Question

This AWS CLI command:

aws lambda add-permission --function-name my_test_Lambda_fn --statement-id test_id --principal iotanalytics.amazonaws.com --action lambda:InvokeFunction

Gives the following output:

{
    "Statement": "{\"Sid\":\"test_id \",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"iotanalytics.amazonaws.com\"}...
}

I wanted to see the above in IAM console, so I tried looking at the roles used by IoTAnalytics and Lambda; and in their respective policies; but the above output is not part of any policy. Where in the IAM can I see the policy configured by the above AWS CLI command? I think that it configured at principal level, but where do I see it in the IAM console?

Answer 1

These are resource-based permission for the lambda function. You can view them in AWS console -> Permissions -> Resource-based policy:

Answer 2

This isn't actually an IAM policy (although it might resemble one). In fact it is a type of resource policy (in this case named Function policy).

Certain services such as S3, SNS, SQS and in this case Lambda have the ability to have a policy attached which dictates how other entities can interact with them such as other AWS accounts or services that do not support an attached IAM role.

From within the console on the Lambda function itself access the Permissions tab, then at the bottom of the page is a sub-item named Resource-based policy. This will contain the policy that you have added.

Answer 3

You have to go into the Lambda console, select your Function and then you can click on Permissions to see the permissions attached to your lambda.