Borislav Hadzhiev
Last updated: Sep 29, 2021
Check out my new book
Attach the AWSLambdaVPCAccessExecutionRole
managed policy to the function's
execution role to solve the lambda error "The provided execution role does not
have permissions to call DescribeNetworkInterfaces".
The error occurs because lambda functions in a VPC need to have permissions to create and manage elastic network interfaces.
To attach the AWSLambdaVPCAccessExecutionRole
policy to the function, you have
to:
Configuration
Tab and then click Permissions
Add permissions
and
Attach policies
AWSLambdaVPCAccessExecutionRole
managed policy, click the
checkbox next to its name and click Attach Policy
The AWSLambdaVPCAccessExecutionRole
grants the lambda function permissions to
create and manage elastic network interfaces and log to CloudWatch.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses" ], "Resource": "*" } ] }
After the function has permissions to create and manage elastic network interfaces, the "The provided execution role does not have permissions to call DescribeNetworkInterfaces" error will be resolved.
print
statement in the function's code and click on the Deploy
button.