@abdmun8
Created July 20, 2022 09:02
AWS Lambda: The provided execution role does not have permissions to call DescribeNetworkInterfaces on EC2

via Managed Policy

This grants Lambda the permissions it needs to reach into a VPC where a production RDS database resides in a private subnet. As mentioned by @portatlas above, the AWSLambdaVPCAccessExecutionRole managed policy fits like a glove (and we all know use of IAM managed policies is an AWS-recommended best practice). This is for Lambdas with a service role already attached.

AWS CLI

  1. Get Lambda Service Role
     Ask the Lambda API for the function configuration, query the role from that, and output as text for an unquoted return.
aws lambda get-function-configuration \
    --function-name <<your function name or ARN here>> \
    --query Role \
    --output text

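The command returns the role. The Role field comes back as a role ARN, and the role name that step 2 expects is the part after the last "/". Take your-service-role-name to step 2:
your-service-role-name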

  2. Attach Managed Policy AWSLambdaVPCAccessExecutionRole to Service Role
aws iam attach-role-policy \
    --role-name your-service-role-name \
    --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
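
The two steps above combined into one script, as an added example that is not part of the original gist. It assumes a configured AWS CLI; the function names role_name_from_arn and attach_vpc_access_policy and the sample ARN in the comments are constructed for illustration. It converts the role ARN that get-function-configuration returns into the bare role name and skips the attach when the policy is already present.

```bash
#!/usr/bin/env bash
# Added example: attach AWSLambdaVPCAccessExecutionRole to a function's role.
POLICY_ARN="arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"

# get-function-configuration returns the role as a full ARN, e.g. (constructed)
#   arn:aws:iam::123456789012:role/service-role/my-fn-role
# while `aws iam attach-role-policy --role-name` takes only the last segment.
role_name_from_arn() {
    case "$1" in
        arn:*:iam::*:role/*[!/]) printf '%s\n' "${1##*/}" ;;
        *) echo "not an IAM role ARN: $1" >&2; return 1 ;;
    esac
}

attach_vpc_access_policy() {
    fn="$1"
    # Step 1: look up the execution role of the function.
    role_arn=$(aws lambda get-function-configuration \
        --function-name "$fn" --query Role --output text) || return 1
    role_name=$(role_name_from_arn "$role_arn") || return 1

    # Check first so a re-run makes no IAM write and leaves no extra audit noise.
    attached=$(aws iam list-attached-role-policies --role-name "$role_name" \
        --query "AttachedPolicies[?PolicyArn=='$POLICY_ARN'].PolicyArn" \
        --output text) || return 1
    if [ -n "$attached" ]; then
        echo "$role_name already has $POLICY_ARN"
        return 0
    fi

    # Step 2: attach the managed policy to the role.
    aws iam attach-role-policy --role-name "$role_name" \
        --policy-arn "$POLICY_ARN" \
        && echo "attached $POLICY_ARN to $role_name"
}

# Runs only when a function name or ARN is given on the command line.
if [ "$#" -gt 0 ]; then
    attach_vpc_access_policy "$1"
fi
```

If the same role is shared by several functions, the attachment applies to all of them, so check which functions use the role before running this against a production account.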