AWS Lambda VPC Access Error: "CreateNetworkInterface"


I am trying to configure Lambda to access my Mongo server on one of the EC2 instances in a VPC. After selecting all the subnets and security groups, I get the following error when saving: "You are not authorized: CreateNetworkInterface."

I believe that I need some kind of policy setting in my account to allow this, but I have "AdministratorAccess" and I'm trying to add the IAM role to my account. Does anyone know what policy / role I need for this?

+5

2 answers

Gotcha!!! If the error message states "This Lambda function does not have the right to execute: CreateNetworkInterface", then it makes more sense to change the Lambda's role with the appropriate policy. The problem was fixed by adding this policy to the role that Lambda uses:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Resource": "*",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:CreateNetworkInterface",
                "ec2:AttachNetworkInterface",
                "ec2:DescribeNetworkInterfaces",
                "autoscaling:CompleteLifecycleAction"
            ]
        }
    ]
}
+8

It is necessary to grant the Lambda the policy actions:

NetworkLambdaRole:
  Type: "AWS::IAM::Role"
  Properties:
    RoleName: "Network-Lambda-Role"
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: "Allow"
          Principal:
            Service:
              - "lambda.amazonaws.com"
          Action:
            - "sts:AssumeRole"
    Policies:
      - PolicyName: "network-lambda-role-policy"
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: "Allow"
              Action:
                - "ec2:DescribeInstances"
                - "ec2:CreateNetworkInterface"
                - "ec2:AttachNetworkInterface"
                - "ec2:DescribeNetworkInterfaces"
                - "ec2:DeleteNetworkInterface"
              Resource: "*"

Note: the answer from blueskin does not include the ec2:DeleteNetworkInterface action.

+2
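The two answers disagree on which ENI actions the role needs, and the second one points out that Delete is missing from the first. The following Python is an added example (not code from either answer) that checks an IAM policy document, as posted above, against an assumed required set of the three ENI lifecycle actions, honours Deny statements and IAM's case-insensitive wildcard matching, and flags over-broad patterns such as "ec2:*" so the role stays close to least privilege.

```python
"""Check an IAM policy for the ENI actions a VPC-attached Lambda needs.
Added example; not code from the thread above."""
import fnmatch
import json

# Assumed required set for this check: the ENI lifecycle the VPC attachment
# performs (the second answer notes Delete was missing from the first).
REQUIRED_ACTIONS = (
    "ec2:CreateNetworkInterface",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DeleteNetworkInterface",
)


def _as_list(value):
    # IAM allows "Action"/"Statement" to be a single string/object or a list.
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    # IAM action matching is case-insensitive and supports '*' and '?'.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def allowed_actions(policy, required=REQUIRED_ACTIONS):
    """Subset of `required` the policy grants; an explicit Deny wins."""
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement", [])):
        bucket = allowed if stmt.get("Effect") == "Allow" else denied
        for pattern in _as_list(stmt.get("Action", [])):
            bucket.update(a for a in required if _matches(pattern, a))
    return allowed - denied


def missing_actions(policy, required=REQUIRED_ACTIONS):
    """Required actions the policy does not grant, sorted for stable output."""
    return sorted(set(required) - allowed_actions(policy, required))


def broad_patterns(policy):
    """Allow patterns that grant a whole service (e.g. 'ec2:*') or everything."""
    return [p for s in _as_list(policy.get("Statement", []))
            if s.get("Effect") == "Allow"
            for p in _as_list(s.get("Action", []))
            if p == "*" or p.endswith(":*")]


# Constructed sample: the policy from the first answer, as posted.
FIRST_ANSWER_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*", "Action": [
    "ec2:DescribeInstances", "ec2:CreateNetworkInterface",
    "ec2:AttachNetworkInterface", "ec2:DescribeNetworkInterfaces",
    "autoscaling:CompleteLifecycleAction"]}]}""")

if __name__ == "__main__":
    print("missing:", missing_actions(FIRST_ANSWER_POLICY))
```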

Source: https://habr.com/ru/post/1242895/