Solve - (Lambda) The provided execution Role does not have Permissions

Solve - The provided execution Role does not have Permissions #

To solve the lambda error - "The provided execution role does not have permissions to call DescribeNetworkInterfaces" we have to attach the AWSLambdaVPCAccessExecutionRole managed policy to the function's execution role.

The error occurs, because lambda functions in a VPC need to have permissions to create and manage elastic network interfaces.

To attach the AWSLambdaVPCAccessExecutionRole policy to the function, you have to:

1. Open the AWS Lambda console and click on the function's name
2. Click on the Configuration Tab and then click Permissions

3. Click on the function's role and then click on Attach policies
4. Filter for the AWSLambdaVPCAccessExecutionRole managed policy, click the checkbox next to its name and click Attach Policy

The AWSLambdaVPCAccessExecutionRole grants the lambda function permissions to create and manage elastic network interfaces and log to CloudWatch.

Copied!
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "ec2:CreateNetworkInterface",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DeleteNetworkInterface",
                "ec2:AssignPrivateIpAddresses",
                "ec2:UnassignPrivateIpAddresses"
            ],
            "Resource": "*"
        }
    ]
}

After the function has permissions to create and manage elastic network interfaces the "The provided execution role does not have permissions to call DescribeNetworkInterfaces" should be resolved.

Further Reading #

• AWS CDK Tutorial for Beginners - Step-by-Step Guide
• How does AWS CDK work
• What is a Token in AWS CDK
• CDK Constructs - Complete Guide
• What is an identifier (id) in AWS CDK
• How to use Context in AWS CDK
• How to use Parameters in AWS CDK