AWS Lambda: The provided execution role does not have permissions to call DescribeNetworkInterfaces on EC2

难免孤独 2021-02-06 21:17

Today I have a new AWS Lambda question, and can't find it anywhere on Google.

I created a new Lambda function, and there is no question. But when I input any code in this function [eg.

6 answers
  •  傲寒 (original poster)
    2021-02-06 21:54

    via AWS CLI using a Managed Policy

    • To grant my Lambda necessary permissions to dig in to a VPC where a production RDS db lives.
    • As mentioned by @portatlas above, the AWSLambdaVPCAccessExecutionRole managed policy fits like a glove (and we all know IAM Managed Policies are an AWS-recommended best-practice).
    • This is for Lambdas with a service role already attached.

    1. Get Lambda Service Role

    • Piping aws lambda get-function-configuration output in to a grep for Role (probably a cleaner/leaner/meaner way to do this)

      aws lambda get-function-configuration \
          --function-name your-function-name \
          | grep "Role"
      
    • returns

      "Role": "arn:aws:iam::000000000000:role/service-role/your-service-role-name",
      
    • Take the value after the Role ARN's last slash your-service-role-name to #2

    2. Attach Managed Policy AWSLambdaVPCAccessExecutionRole to Service Role

    aws iam attach-role-policy \
        --role-name your-service-role-name \
        --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
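
Steps 1 and 2 of the answer above combined into one script, as an added example that is not part of the original answer. It reads the role ARN with `--query` instead of `grep`, strips the IAM path to get the role name, and attaches the managed policy only if it is not already attached; the function names are hypothetical and the sample ARN is the placeholder from the answer.

```shell
#!/bin/sh
# Added example, not the answerer's code. Function names are hypothetical.
# Usage (after sourcing this file): attach_vpc_policy your-function-name
POLICY_ARN="arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"

# The role name is the text after the last "/" of the role ARN.
# The IAM path (for example "service-role/") is not part of --role-name.
role_name_from_arn() {
    case "$1" in
        arn:*:iam::*:role/*) printf '%s\n' "${1##*/}" ;;
        *) echo "not an IAM role ARN: $1" >&2; return 1 ;;
    esac
}

# Step 1: ask Lambda for the execution role ARN of one function.
lambda_role_arn() {
    aws lambda get-function-configuration \
        --function-name "$1" --query 'Role' --output text
}

# Step 2: attach the managed policy unless the role already has it.
attach_vpc_policy() {
    role_arn=$(lambda_role_arn "$1") || return 1
    role=$(role_name_from_arn "$role_arn") || return 1
    attached=$(aws iam list-attached-role-policies --role-name "$role" \
        --query "AttachedPolicies[?PolicyArn=='$POLICY_ARN'].PolicyArn" \
        --output text) || return 1
    if [ -n "$attached" ]; then
        echo "already attached to $role"
        return 0
    fi
    aws iam attach-role-policy --role-name "$role" \
        --policy-arn "$POLICY_ARN" || return 1
    echo "attached to $role"
}
```

The calling identity needs `lambda:GetFunctionConfiguration`, `iam:ListAttachedRolePolicies` and `iam:AttachRolePolicy` for this to succeed.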
    
