Attach the AWSLambdaVPCAccessExecutionRole managed policy to the function's execution role to solve the Lambda error "The provided execution role does not have permissions to call DescribeNetworkInterfaces".
The error occurs because Lambda functions in a VPC need to have permission to create and manage elastic network interfaces.
To attach the AWSLambdaVPCAccessExecutionRole policy to the function, you have to:
- Open the Configuration tab and then click Permissions
- Click Add permissions and Attach policies
- Find the AWSLambdaVPCAccessExecutionRole managed policy, click the checkbox next to its name and click Attach Policy
The AWSLambdaVPCAccessExecutionRole policy grants the Lambda function permissions to create and manage elastic network interfaces and log to CloudWatch.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "ec2:CreateNetworkInterface",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DeleteNetworkInterface",
        "ec2:AssignPrivateIpAddresses",
        "ec2:UnassignPrivateIpAddresses"
      ],
      "Resource": "*"
    }
  ]
}
After the function has permission to create and manage elastic network interfaces, the error will be resolved.
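If the execution role uses a hand-written policy instead of the managed one, the check below reports which of the network interface actions from the policy above are still missing. It is an added example, not code from the original post; the function names and the HANDWRITTEN sample are assumptions made for illustration, and Condition, NotAction, permission boundaries and SCPs are not evaluated.

```python
import re

# ENI actions from the AWSLambdaVPCAccessExecutionRole policy shown above.
ENI_ACTIONS = (
    "ec2:CreateNetworkInterface",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DeleteNetworkInterface",
    "ec2:AssignPrivateIpAddresses",
    "ec2:UnassignPrivateIpAddresses",
)

def as_list(value):
    """IAM JSON allows a single string or object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def matches(pattern, action):
    """IAM action matching: case-insensitive, '*' and '?' are the only wildcards."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def missing_eni_actions(policy_documents):
    """Return ENI actions that are not allowed, or are denied, on Resource "*"."""
    allowed, denied = set(), set()
    for doc in policy_documents:
        for stmt in as_list(doc.get("Statement")):
            # Simplification: only statements scoped to Resource "*" are counted.
            if "*" not in as_list(stmt.get("Resource")):
                continue
            bucket = allowed if stmt.get("Effect") == "Allow" else denied
            patterns = as_list(stmt.get("Action"))
            for action in ENI_ACTIONS:
                if any(matches(p, action) for p in patterns):
                    bucket.add(action)
    return [a for a in ENI_ACTIONS if a not in allowed or a in denied]

# Constructed sample: a hand-written role policy that omits the Describe call.
HANDWRITTEN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "logs:*", "Resource": "*"},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface",
                "ec2:*PrivateIpAddresses"]},
]}

if __name__ == "__main__":
    print(missing_eni_actions([HANDWRITTEN]))
```

Pass it every policy document attached to the role, inline and managed. An empty list means the role covers the calls named in the error.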
print statement in the function's code and click on the Deploy button.
I've also written a tutorial on how to add permissions to Lambda functions in AWS CDK.