The provided execution Role does not have Permissions [Fix]
Reading time·2 min
# The provided execution Role does not have Permissions
Attach the AWSLambdaVPCAccessExecutionRole managed policy to the function's
execution role to solve the lambda error "The provided execution role does not
have permissions to call DescribeNetworkInterfaces".
The error occurs because lambda functions in a VPC need to have permission to create and manage elastic network interfaces.
To attach the AWSLambdaVPCAccessExecutionRole policy to the function, you have
to:
- Open the AWS Lambda console and click on the function's name
- Click on the
ConfigurationTab and then clickPermissions
- Click on the function's role and then click
Add permissionsandAttach policies - Filter for the
AWSLambdaVPCAccessExecutionRolemanaged policy, click the checkbox next to its name and clickAttach Policy
The AWSLambdaVPCAccessExecutionRole grants the lambda function permissions to
create and manage elastic network interfaces and log to CloudWatch.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses" ], "Resource": "*" } ] }
After the function has permission to create and manage elastic network interfaces, the error will be resolved.
print statement in the function's code and click on the Deploy button.I've also written a tutorial on how to add permissions to Lambda functions in AWS CDK.
# Additional Resources
You can learn more about the related topics by checking out the following tutorials:
