We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tried setting up lambdas in my vpc.
The result is that the role for lambdas execution doesn't have the proper permissions for it. Lambdas in a VPC will require additional permissions (and limitations) per https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html.
So lambdas need:
AWSLambdaVPCAccessExecutionRole
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:DetachNetworkInterface", "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses" ], "Resource": [ "*" ], "Condition": { "ArnEquals": { "lambda:SourceFunctionArn": [ "arn:aws:lambda:us-west-2:123456789012:function:my_function" <== here it goes the list of domain-protect functions ] } } } ] }
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Tried setting up lambdas in my vpc.
The result is that the role for lambdas execution doesn't have the proper permissions for it. Lambdas in a VPC will require additional permissions (and limitations) per https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html.
So lambdas need:
AWSLambdaVPCAccessExecutionRolemanaged policy{ "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:DetachNetworkInterface", "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses" ], "Resource": [ "*" ], "Condition": { "ArnEquals": { "lambda:SourceFunctionArn": [ "arn:aws:lambda:us-west-2:123456789012:function:my_function" <== here it goes the list of domain-protect functions ] } } } ] }The text was updated successfully, but these errors were encountered: