To grant Lambda the necessary permissions to dig into a VPC where a production RDS db resides in a private subnet. As mentioned by @portatlas above, the AWSLambdaVPCAccessExecutionRole managed policy fits like a glove (and we all know use of IAM Managed Policies is an AWS-recommended best practice). This is for Lambdas with a service role already attached.

AWS CLI

- Get Lambda Service Role

  Ask Lambda API for function configuration, query the role from that, output to text for an unquoted return.

aws lambda get-function-configuration \
--function-name <> \