4. Create an AWS Role

Vikas Rathod edited this page Feb 20, 2021 · 1 revision

Create an AWS Role

Now we need to create an AWS role that gives AWS Lambda permission to do CRUD operations on the DynamoDB table.

  • Log in to your AWS Management Console.
  • Go to Services, and open IAM under the Security, Identity, & Compliance section.
  • Click on Roles
  • Click on Create role

    We need to create a role that permits Lambda to perform basic execution operations. So,

    • Select Lambda and click on Next: Permissions
    • Enter AWSLambdaBasicExecutionRole in the search bar
    • Select the check box next to AWSLambdaBasicExecutionRole
    • Click on Next: Tags
    • Enter Function as Key and Practice as Value
    • Click on Next: Review
    • Enter LambdaDynamoDBAccessRole as Role name
    • Click on Create role
  • Now you'll see LambdaDynamoDBAccessRole in the list, but we still need to give it access to the specific DynamoDB table for write operations. So,
    • Click on LambdaDynamoDBAccessRole.
    • Click on Add inline policy
    • Click on Choose a service and select DynamoDB
    • Select the check box next to Write

    NOTE: Best practice is to give resources only the minimum required permissions.

    • Click on Resources, look for table and click on Add ARN.
    • Paste your DynamoDB ARN in the Specify ARN for table area and click on Add.

    Here we've given this role write permission only, and only on the serverless table.

    • Now click on Review Policy
    • Enter serverlessDBAccessforLambda in Name
    • Now click on Create policy

You've successfully created an AWS Role.
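
The role built in the steps above, written out as its two policy documents together with a small least-privilege check, as an added example that is not part of the original wiki page. The region, account ID, table ARN and the list of write actions are assumptions chosen for illustration; the console's Write check box may select a different set of actions.

```python
import json

# Constructed placeholders: region, account ID and table name are assumptions.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/serverless"

# Trust policy: lets the Lambda service assume the role, which is what
# choosing Lambda as the trusted service sets up.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

def build_inline_policy(table_arn):
    """Inline policy limited to item-level writes on one table (illustrative action subset)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:PutItem", "dynamodb:UpdateItem",
                       "dynamodb:DeleteItem", "dynamodb:BatchWriteItem"],
            "Resource": table_arn,
        }],
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def find_overbroad(policy, table_arn):
    """Return findings for Allow statements that reach beyond the one table."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: uses NotAction/NotResource")
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action}")
        for res in as_list(stmt.get("Resource", [])):
            # Only the table itself or its indexes are in scope.
            if res != table_arn and not res.startswith(table_arn + "/index/"):
                findings.append(f"statement {i}: resource {res} is not the table")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_inline_policy(TABLE_ARN), indent=2))
```

Running `find_overbroad` on the JSON shown on the Review Policy screen before clicking Create policy confirms the role reaches only the intended table.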