Resolving AWS Lambda Execution Role Permissions for VPC Access
When deploying an AWS Lambda function that needs to interact with resources in a Virtual Private Cloud (VPC), you may encounter permission errors. One common error message is:
The provided execution role does not have permissions to call DescribeNetworkInterfaces on EC2.
This typically occurs when the Lambda function is configured to run inside a VPC but its execution role lacks the permissions Lambda needs to create, describe and delete the elastic network interfaces (ENIs) it attaches to your subnets. To resolve the error, make sure the Lambda execution role grants those permissions.
Example Lambda Function Code
Here’s a basic example of a Lambda function:
exports.handler = (event, context, callback) => {
  console.log('Hello from Lambda'); // Your code here
  callback(null, 'Function executed successfully');
};
Configuring IAM Role Permissions
To allow your Lambda function to manage network interfaces, you need to attach a policy that includes the following permissions:
- ec2:DescribeNetworkInterfaces
- ec2:CreateNetworkInterface
- ec2:DeleteNetworkInterface
Example IAM Policy
Here’s an example IAM policy that grants the necessary permissions (AWS also publishes a managed policy, AWSLambdaVPCAccessExecutionRole, that covers the same network interface actions):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeNetworkInterfaces",
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeInstances"
      ],
      "Resource": "*"
    }
  ]
}
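As an added check (example code, not part of the original article), the following Python script lints a policy document before you attach it, reporting which of the three ENI actions it fails to grant. It implements a simplified IAM evaluation: wildcards, NotAction, explicit Deny and the Resource "*" requirement are handled, conditional Allows are conservatively ignored, and the sample policies are constructed for this example.

```python
import fnmatch
import json

# The three EC2 actions the article says a VPC-attached Lambda role must hold.
REQUIRED_VPC_ACTIONS = (
    "ec2:DescribeNetworkInterfaces",
    "ec2:CreateNetworkInterface",
    "ec2:DeleteNetworkInterface",
)

def _as_list(value):
    """Action, NotAction, Resource and Statement may be a string or a list."""
    return [] if value is None else (value if isinstance(value, list) else [value])

def _matches(patterns, action):
    """IAM action names match case-insensitively with * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_vpc_actions(policy_json):
    """Return the required ENI actions that this policy document does not grant.

    Simplified IAM evaluation (a lint, not the IAM policy simulator): an action is
    granted when an unconditional Allow on Resource "*" covers it and no Deny does.
    """
    policy = json.loads(policy_json)
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement")):
        for action in REQUIRED_VPC_ACTIONS:
            if "NotAction" in stmt:
                covered = not _matches(_as_list(stmt["NotAction"]), action)
            else:
                covered = _matches(_as_list(stmt.get("Action")), action)
            if not covered:
                continue
            if stmt.get("Effect") == "Deny":
                denied.add(action)  # an explicit Deny always overrides Allow
            elif "Condition" not in stmt and "*" in _as_list(stmt.get("Resource")):
                allowed.add(action)  # conservative: conditional Allows do not count
    return [a for a in REQUIRED_VPC_ACTIONS if a not in allowed or a in denied]

# Constructed samples: the article's policy, and a narrower one that can only
# list ENIs (Describe* wildcard) and is explicitly denied the delete action.
ARTICLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:DescribeNetworkInterfaces", "ec2:CreateNetworkInterface",
               "ec2:DeleteNetworkInterface", "ec2:DescribeInstances"]}]})
READ_ONLY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Deny", "Action": "ec2:DeleteNetworkInterface", "Resource": "*"}]})
```

missing_vpc_actions(ARTICLE_POLICY) returns an empty list, while missing_vpc_actions(READ_ONLY_POLICY) reports the create and delete actions, so attaching that policy alone would reproduce the error above.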
Attaching the Policy to Your Lambda Role
- Go to the IAM console in AWS.
- Find the role associated with your Lambda function.
- Attach the policy you created or modified.
Conclusion
After updating the execution role with the necessary permissions, you should be able to save the function's VPC configuration and invoke it without encountering the permission error. As a security best practice, keep the role to the minimum permissions it actually needs (least privilege) rather than granting broad EC2 access.