Problem scenario
When trying to attach a Lambda function to a VPC, you get an error like this: "The provided execution role does not have permissions to call CreateNetworkInterface on EC2"
What should you do?
Solution
1. Go to IAM and create a policy. Use the JSON editor. Use these settings (taken from StackOverflow):
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "ec2:DescribeNetworkInterfaces",
                    "ec2:CreateNetworkInterface",
                    "ec2:DeleteNetworkInterface",
                    "ec2:DescribeInstances",
                    "ec2:AttachNetworkInterface"
                ],
                "Resource": "*"
            }
        ]
    }
2. Name the above policy something memorable. Then go to the Lambda section and open the Lambda function you are trying to attach a VPC to.
3. Click the hyperlinked "Execution Role" name.
4. Attach the policy created in step #1.
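To confirm which of the actions from the policy in step 1 an execution role still lacks, the following added example (not part of the original page or of any AWS tool) evaluates the role's policy documents offline. The function names and the sample role are hypothetical, and the evaluation is deliberately simplified as described in the docstring.

```python
import fnmatch
import json

# The five actions from the policy on this page.
REQUIRED_ACTIONS = [
    "ec2:DescribeNetworkInterfaces",
    "ec2:CreateNetworkInterface",
    "ec2:DeleteNetworkInterface",
    "ec2:DescribeInstances",
    "ec2:AttachNetworkInterface",
]

def _listify(value):
    """IAM lets Statement, Action and Resource be one item or a list."""
    if isinstance(value, list):
        return value
    return [] if value is None else [value]

def _covers(patterns, action):
    """Case-insensitive match with IAM-style * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(policy_docs, required=REQUIRED_ACTIONS):
    """Return the required actions the role's policies do not grant.
    Simplified: an Allow counts only if unconditional and on Resource "*";
    any matching Deny wins; NotAction/NotResource statements are ignored.
    """
    allow, deny = [], []
    for doc in policy_docs:
        for stmt in _listify(doc.get("Statement")):
            actions = _listify(stmt.get("Action"))
            if stmt.get("Effect") == "Deny":
                deny.extend(actions)
            elif (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                  and "*" in _listify(stmt.get("Resource"))):
                allow.extend(actions)
    return [a for a in required if _covers(deny, a) or not _covers(allow, a)]

# Constructed sample: a role with logging rights but only part of the ENI set.
SAMPLE_ROLE_POLICIES = [json.loads("""
{"Version": "2012-10-17",
 "Statement": [
   {"Effect": "Allow", "Action": "logs:*", "Resource": "*"},
   {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}
 ]}
""")]

if __name__ == "__main__":
    print("missing:", missing_actions(SAMPLE_ROLE_POLICIES))
```

Pass it every policy document attached to the role (managed and inline); an empty list means all five actions are granted.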