When you create a function, by default Lambda will automatically create an IAM execution role for the function. To do that, your IAM user will require the iam:CreateRole permission, which it looks like it doesn't currently. To do this, they could create a new policy that includes that permission and attach it to your IAM user. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_delegate-permissions_examples.html
It's important to bear in mind when granting permissions to IAM that some of these could allow a user with restricted permissions to escalate their privileges - for example, by allowing them to add additional permissions to their IAM user, or by creating and assuming a more privileged role.
Alternatively, if an appropriate Lambda service role already exists in the account, or could be created by another user, you can expand the Change default execution role section and select it, instead of creating a new role.
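Added example, not part of the answer above and not AWS code: a small review check that flags Allow statements granting role or user policy management on every resource with no condition, which is the escalation risk the answer warns about. The action list is a short illustrative set, and the two policies, their Sids, the account ID and the boundary name are constructed samples.

```python
import fnmatch

# IAM actions matching the two escalation paths the answer mentions
# (adding permissions to a user; creating or empowering a role). Not exhaustive.
RISKY_ACTIONS = [
    "iam:AttachUserPolicy", "iam:PutUserPolicy",
    "iam:CreateRole", "iam:AttachRolePolicy", "iam:PutRolePolicy", "iam:PassRole",
]

def as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def find_unscoped_iam_grants(policy):
    """Return (statement id, action) pairs for risky actions allowed on
    Resource "*" with no Condition block to narrow them."""
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        unscoped = "*" in as_list(stmt.get("Resource")) and not stmt.get("Condition")
        if not unscoped:
            continue
        patterns = [p.lower() for p in as_list(stmt.get("Action"))]
        for risky in RISKY_ACTIONS:
            # IAM action names are case-insensitive and may use * and ? wildcards.
            if any(fnmatch.fnmatchcase(risky.lower(), p) for p in patterns):
                findings.append((stmt.get("Sid", f"statement[{idx}]"), risky))
    return findings

# Constructed sample: broad grant that lets the user create and empower any role.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "LambdaAuthoring", "Effect": "Allow",
    "Action": ["lambda:*", "iam:CreateRole", "iam:AttachRolePolicy"],
    "Resource": "*"}]}

# Constructed sample: same need, limited to a role-name prefix and a permissions boundary.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "LambdaRolesOnly", "Effect": "Allow",
    "Action": ["iam:CreateRole", "iam:AttachRolePolicy"],
    "Resource": "arn:aws:iam::111122223333:role/lambda-*",
    "Condition": {"StringEquals": {"iam:PermissionsBoundary":
        "arn:aws:iam::111122223333:policy/ExampleLambdaBoundary"}}}]}

if __name__ == "__main__":
    print(find_unscoped_iam_grants(BROAD_POLICY))
    print(find_unscoped_iam_grants(SCOPED_POLICY))
```

A finding is a prompt for review rather than proof of a problem; a statement with any Condition block is skipped without evaluating what the condition actually restricts.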