
Custom permissions for Lambda function in terraform-aws-lambda

Answer

A customer asked:

> I have a lambda that I'm creating using the lambda service module in the catalog. I need it to have permissions to get a secret from the secrets manager. If this was an `ecs-service`, I'd set the `iam_policy` var as needed, but it seems like with the lambda I need to first create a separate policy and then provide the policy as the `assume_role_policy` var. Am I understanding this correctly?

This is correct! There is a default lambda role defined in the module. However, if you need to set your own custom permissions, you can define them outside of the lambda module and still attach them to the lambda function's `aws_iam_role`.
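
One way to define the permission outside the module and attach it to the function's role, scoped to a single secret. This is an added example, not code from the module or the original answer; the variable names are assumptions, and `lambda_role_id` stands in for whichever role output your version of the lambda module exposes.

```hcl
# Added example. Assumption: var.lambda_role_id is the name of the IAM role
# created by the lambda module, passed in from the module's role output.
variable "lambda_role_id" {
  type        = string
  description = "Name of the Lambda function's execution role (assumed input)."
}

variable "secret_arn" {
  type        = string
  description = "ARN of the one secret the function must read (placeholder input)."
}

variable "secret_kms_key_arn" {
  type        = string
  default     = null
  description = "Customer-managed KMS key that encrypts the secret, if any."
}

# Permissions policy: what the function may do. This is separate from the
# role's trust policy, which only controls who may assume the role.
data "aws_iam_policy_document" "read_secret" {
  statement {
    sid       = "ReadOneSecret"
    effect    = "Allow"
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [var.secret_arn] # one secret, not "*"
  }

  # Only emitted when the secret uses a customer-managed key.
  dynamic "statement" {
    for_each = var.secret_kms_key_arn == null ? [] : [var.secret_kms_key_arn]
    content {
      sid       = "DecryptSecretKey"
      effect    = "Allow"
      actions   = ["kms:Decrypt"]
      resources = [statement.value]
    }
  }
}

# Inline policy attached to the role the module already created.
resource "aws_iam_role_policy" "read_secret" {
  name   = "read-secret"
  role   = var.lambda_role_id
  policy = data.aws_iam_policy_document.read_secret.json
}
```

Running `terraform plan` should show one new `aws_iam_role_policy` on the existing role and no change to the role itself.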