1. 技术文章
  2. AWS Lambda:The provided execution role does not have permissions to call DescribeNetworkInterfaces on EC2

AWS Lambda:The provided execution role does not have permissions to call DescribeNetworkInterfaces on EC2

狂风中的少年 提交于 2019-12-23 18:04:11

问题


Today I have a new AWS Lambda question, and can't find anywhere in Google.

I new a Lambda function, there is no question. But when I input any code in this function[eg. console.log();] and click "Save", error is occured: "The provided execution role does not have permissions to call DescribeNetworkInterfaces on EC2" 

exports.handler = (event, context, callback) => {
    callback(null, 'Hello from Lambda');
    console.log();  // here is my code   
};

I bound the function with Role: lambda_excute_execution(Policy:AmazonElasticTranscoderFullAccess) And this function is not bound with any triggers now.

And then, I give the role "AdministratorAccess" Policy, I can save my source code correctly.

This role can run Functions successfully before today.

Is anyone know this error?

Thanks Very much!


回答1:


This error is common if you try to deploy a Lambda in a VPC, which giving it the required network interface related permissions ec2:DescribeNetworkInterfaces, ec2:CreateNetworkInterface, and ec2:DeleteNetworkInterface (see AWS Forum).

For example, this a policy that allows to deploy a Lambda into a VPC:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeNetworkInterfaces",
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeInstances",
        "ec2:AttachNetworkInterface"
      ],
      "Resource": "*"
    }
  ]
}



回答2:


It is definitely a strange error, but are you sure the example code you added is the one you're using in your lambda?

Because in your code, you are trying to log something in your lambda after returning control via the callback. In other words, first you told your lambda that you're done. Next, while it is busy shutting down and returning your results, you try to do some logging...

So first, I'd try this:

exports.handler = (event, context, callback) => {
    console.log('this is a test');
    // do stuff
    callback(null, 'Hello from Lambda'); // only do a callback *after* you've run all your code
};

And see if that fixes the problem.



来源:https://stackoverflow.com/questions/41177965/aws-lambdathe-provided-execution-role-does-not-have-permissions-to-call-describ

标签
amazon-web-services
aws-lambda
amazon-iam
policy
role
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!