Solve - The provided execution Role does not have Permissions

avatar

Borislav Hadzhiev

Last updated: Sep 29, 2021

banner

Check out my new book

Solve - The provided execution Role does not have Permissions #

Attach the AWSLambdaVPCAccessExecutionRole managed policy to the function's execution role to solve the lambda error "The provided execution role does not have permissions to call DescribeNetworkInterfaces".

The error occurs because lambda functions in a VPC need to have permissions to create and manage elastic network interfaces.

To attach the AWSLambdaVPCAccessExecutionRole policy to the function, you have to:

  1. Open the AWS Lambda console and click on the function's name
  2. Click on the Configuration Tab and then click Permissions

click on role

  1. Click on the function's role and then click Add permissions and Attach policies
  2. Filter for the AWSLambdaVPCAccessExecutionRole managed policy, click the checkbox next to its name and click Attach Policy

attach vpc access policy

The AWSLambdaVPCAccessExecutionRole grants the lambda function permissions to create and manage elastic network interfaces and log to CloudWatch.

AWSLambdaVPCAccessExecutionRole
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses" ], "Resource": "*" } ] }

After the function has permissions to create and manage elastic network interfaces, the "The provided execution role does not have permissions to call DescribeNetworkInterfaces" error will be resolved.

If the error persists, make a small change to the lambda function, e.g. increase its timeout by 1 second or add an extra print statement in the function's code and click on the Deploy button.

Further Reading #

Use the search field on my Home Page to filter through my more than 3,000 articles.