Create IAM Role


Every Lambda function has an IAM role associated with it.

This role defines what other AWS services the function is allowed to interact with.

  • For the purposes of this workshop, you will need to create an IAM role that grants your Lambda function permission to write logs to AWS CloudWatch and access to write items to your DynamoDB table.

Steps summary:

  1. Use the IAM console to create a new role.
  2. Name it WildRydesLambda and select AWS Lambda for the role type.
  3. You will need to attach policies that grant your function permissions to write to AWS CloudWatch Logs and put items to your DynamoDB table.
  4. Attach the managed policy called AWSLambdaBasicExecutionRole to this role to grant the necessary CloudWatch Logs permissions.
  5. Create a custom inline policy for your role that allows the ddb:PutItem action for the table you created in the previous section.

Steps directions:

Step 1: Go to AWS IAM console

Step 2: Select Roles in the left navigation bar and then choose Create role

Step 3: Select Lambda for the role type from the AWS service group, then click Next: Permissions

Selecting a role type automatically creates a trust policy for your role that allows AWS services to assume this role on your behalf. If you were creating this role using the CLI, AWS CloudFormation or another mechanism, you would specify a trust policy directly.

Step 4: Type AWSLambdaBasicExecutionRole in the Filter text box and check the box next to that role

Step 7: Click Next: Review

Step 8: Enter WildRydesLambda for the Role name

Step 9: Choose Create Role
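
As an added example (not part of the original workshop), the same role built with the AWS CLI, where the trust policy that the console generates for you has to be written out explicitly. The table ARN argument and the inline policy name DynamoDBWriteAccess are assumptions; the inline policy uses the IAM action name `dynamodb:PutItem`.

```bash
# Added example: nothing touches AWS until create_role is called with credentials.
ROLE_NAME="WildRydesLambda"
# AWS-managed policy that grants the CloudWatch Logs permissions.
LOGS_POLICY_ARN="arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"

# Trust policy: only the Lambda service principal may assume the role.
trust_policy() {
cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "lambda.amazonaws.com" },
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Inline policy: PutItem only, on exactly one table ARN (passed as $1).
table_write_policy() {
  case "$1" in
    ''|*'*'*|*'"'*|*'\'*)
      echo "refusing empty, wildcard or malformed ARN" >&2; return 1 ;;
    arn:aws:dynamodb:?*:?*:table/?*) ;;
    *) echo "not a DynamoDB table ARN: $1" >&2; return 1 ;;
  esac
cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "dynamodb:PutItem",
    "Resource": "$1"
  }]
}
EOF
}

# The steps summary as CLI calls. The policy name is a hypothetical label.
create_role() {
  policy="$(table_write_policy "$1")" || return 1
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)" &&
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
    --policy-arn "$LOGS_POLICY_ARN" &&
  aws iam put-role-policy --role-name "$ROLE_NAME" \
    --policy-name DynamoDBWriteAccess --policy-document "$policy"
}
```

Call `create_role` with the ARN of the table from the previous section. `table_write_policy` rejects wildcard resources, so the role cannot be widened to every table by accident.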