I am trying to set up my Lambda to access my Mongo server on one of the EC2 instances in a VPC. After selecting all the subnets and security groups, I get the following error when saving: "You are not authorized to perform: CreateNetworkInterface." I believe I need some sort of policy set up in AWS IAM to allow this.
I have "AdministratorAccess" and I am trying to add an IAM role to my account.
Does anyone know what policy/role I need for this?
Gotcha!!! If the error message said "This Lambda function is not authorized to perform: CreateNetworkInterface" then it would have made more sense that the Lambda role needs to be modified with an appropriate policy. Fixed the problem by adding the policy to the role that the Lambda was using:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Resource": "*",
                "Action": [
                    "ec2:DescribeInstances",
                    "ec2:CreateNetworkInterface",
                    "ec2:AttachNetworkInterface",
                    "ec2:DescribeNetworkInterfaces",
                    "autoscaling:CompleteLifecycleAction"
                ]
            }
        ]
    }
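Added example, not part of the original post: a small audit of an execution-role policy against the network-interface actions a VPC-attached Lambda needs, run here on the policy above. The REQUIRED set is an assumption taken from AWS's documented VPC permissions for Lambda, not from the post, and the function names are hypothetical.

```python
import fnmatch

# Assumption (not from the post): the ENI actions AWS documents for the
# execution role of a VPC-attached Lambda function.
REQUIRED = {
    "ec2:CreateNetworkInterface",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DeleteNetworkInterface",
}

# The policy from the answer above, embedded so the check runs offline.
POLICY_FROM_ANSWER = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Resource": "*",
        "Action": [
            "ec2:DescribeInstances",
            "ec2:CreateNetworkInterface",
            "ec2:AttachNetworkInterface",
            "ec2:DescribeNetworkInterfaces",
            "autoscaling:CompleteLifecycleAction",
        ],
    }],
}

def _as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(action, pattern):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def audit(policy):
    """Return (required actions not allowed, allowed patterns covering no required action).

    Only Allow statements are read; Deny, NotAction, Resource and Condition
    are not evaluated, so this is a lint, not a full policy simulation.
    """
    patterns = [p for s in _as_list(policy.get("Statement"))
                if s.get("Effect") == "Allow" for p in _as_list(s.get("Action"))]
    missing = sorted(a for a in REQUIRED if not any(_matches(a, p) for p in patterns))
    extra = sorted(p for p in patterns if not any(_matches(a, p) for a in REQUIRED))
    return missing, extra

if __name__ == "__main__":
    print(audit(POLICY_FROM_ANSWER))
```

The first list names required actions the role does not grant; the second names grants to review for least privilege.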