I am trying to set up my Lambda to access my Mongo server on one of the EC2 instances in a VPC. After selecting all the subnets and security groups, I get the following error when saving:

"You are not authorized to perform: CreateNetworkInterface."

I believe I need some sort of policy set up in AWS IAM to allow this. I have "AdministratorAccess" and I am trying to add an IAM role to my account. Does anyone know what policy/role I need for this?
Attach the IAM policy to an IAM role: Navigate to the IAM console and choose Roles in the navigation pane. Choose Create role. Choose AWS service and then choose Lambda. Choose Next: Permissions.
This is not possible with Lambda. Lambda functions can provide access only to one single VPC. If multiple subnets are specified, then they must all be in the same VPC. You then can connect to the other VPCs by peering your VPCs.
So a public (non-VPC, has Internet access) Lambda function can call the Invoke API to trigger the private Lambda function, but the private VPC (no Internet access) Lambda function cannot access the Invoke API to trigger any Lambda function.
Gotcha!!! If the error message said "This Lambda function is not authorized to perform: CreateNetworkInterface" then it would have made more sense that the Lambda role needs to be modified with appropriate policy. Fixed the problem by adding the policy to the role that the Lambda was using:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Resource": "*",
          "Action": [
            "ec2:DescribeInstances",
            "ec2:CreateNetworkInterface",
            "ec2:AttachNetworkInterface",
            "ec2:DescribeNetworkInterfaces",
            "autoscaling:CompleteLifecycleAction"
          ]
        }
      ]
    }
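An added example (not from the original answer) that statically checks a Lambda execution-role policy like the one above: it reports which of the ENI actions Lambda needs for VPC access are missing (honouring IAM wildcards and explicit Deny), and lists the extra Allow actions worth trimming under least privilege. The required-action set assumed here is the ENI core of AWS's managed AWSLambdaVPCAccessExecutionRole policy; the sample policy is the one from the answer above, embedded as constructed input.

```python
import fnmatch
import json

# ENI actions Lambda needs to create, inspect and clean up the network
# interfaces that give it VPC access (assumption: taken from the managed
# AWSLambdaVPCAccessExecutionRole policy, logging permissions left aside).
REQUIRED_VPC_ACTIONS = {
    "ec2:CreateNetworkInterface",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DeleteNetworkInterface",
}


def _as_list(value):
    # IAM allows "Statement" and "Action" to be a single item or a list.
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    # IAM action patterns are case-insensitive and support '*' and '?' wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def lambda_vpc_policy_gaps(policy_json):
    """Return the required VPC actions this policy does not effectively allow.

    An action counts as allowed when some Allow statement matches it and no
    Deny statement does: an explicit Deny always wins in IAM evaluation.
    """
    policy = json.loads(policy_json)
    allowed, denied = set(), set()
    for stmt in _as_list(policy["Statement"]):
        patterns = _as_list(stmt.get("Action", []))
        for required in REQUIRED_VPC_ACTIONS:
            if any(_matches(p, required) for p in patterns):
                (allowed if stmt["Effect"] == "Allow" else denied).add(required)
    return sorted(REQUIRED_VPC_ACTIONS - (allowed - denied))


def extra_allowed_actions(policy_json):
    """Allowed actions outside the VPC set; candidates for least-privilege review."""
    policy = json.loads(policy_json)
    extra = set()
    for stmt in _as_list(policy["Statement"]):
        if stmt["Effect"] == "Allow":
            extra.update(a for a in _as_list(stmt.get("Action", []))
                         if a not in REQUIRED_VPC_ACTIONS)
    return sorted(extra)


# Constructed sample input: the policy from the answer above.
ANSWER_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*", "Action": [
        "ec2:DescribeInstances", "ec2:CreateNetworkInterface",
        "ec2:AttachNetworkInterface", "ec2:DescribeNetworkInterfaces",
        "autoscaling:CompleteLifecycleAction"]}]})
```

Run against the answer's policy, the checker reports that ec2:DeleteNetworkInterface is missing, which is the permission Lambda later needs to remove the ENIs it created, and that three of the allowed actions are unrelated to VPC attachment.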