What is Lambda Execution Role in AWS: Simple Explanation
Lambda execution role is an AWS Identity and Access Management (IAM) role that grants your Lambda function permission to access other AWS services and resources. It acts like a set of keys that lets your function do tasks such as reading from a database or writing logs securely.How It Works
Think of a Lambda execution role as a special badge your Lambda function wears to prove it has permission to do certain jobs. When your function runs, AWS checks this badge to see what it is allowed to access, like files, databases, or other services.
This role is created in AWS IAM and includes policies that list the allowed actions. For example, if your function needs to save logs, the role must have permission to write to CloudWatch Logs. Without this role, your Lambda function cannot interact with other AWS resources securely.
Example
This example shows how to create a simple Lambda execution role with permission to write logs to CloudWatch.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
"Resource": "arn:aws:logs:*:*:*"
}
]
}When to Use
Use a Lambda execution role whenever your Lambda function needs to interact with other AWS services. For example, if your function reads data from an S3 bucket, writes to a DynamoDB table, or sends messages to an SNS topic, it needs a role with the right permissions.
This role helps keep your AWS environment secure by granting only the permissions your function needs, following the principle of least privilege.
Key Points
- A Lambda execution role is an IAM role assigned to your Lambda function.
- It grants permissions for the function to access AWS resources securely.
- Permissions are defined by policies attached to the role.
- Always grant only the permissions your function needs.