Step 2.2: Create the IAM role (execution role) - Amazon ElastiCache

Step 2.2: Create the IAM role (execution role)

In this step, you create an AWS Identity and Access Management (IAM) role using the following predefined role type and access policy:

  • AWS service role of the type AWS Lambda – This role grants AWS Lambda permissions to assume the role.

  • AWSLambdaVPCAccessExecutionRole – This is the access permissions policy that you attach to the role. The policy grants permission for the EC2 actions that AWS Lambda needs to manage ENIs. You can view this AWS-managed policy in IAM console.

For more information about IAM user roles, see Roles (Delegation and Federation) in the IAM User Guide.

Use the following procedure to create the IAM role.

To create an IAM (execution) role
  1. Sign in to the AWS Management Console and open the IAM console at

  2. Choose Roles and then Create role.

    • Under Trusted entity type, choose AWS Service, and then under Use cases choose Lambda. This grants the AWS Lambda service permissions to assume the role. Choose Next.

    • Under Add permissions, search for AWSLambdaVPCAccessExecutionRole and select the check box next to the policy.

    • Choose Next.

    • In Role Name, use a name that is unique within your AWS account (for example, lambda-vpc-execution-role).

    • Choose Create role.

  3. Copy the role ARN. You will need it in the next step when you create your Lambda function.

Next Step

Step 2.3: Upload the deployment package (create the Lambda function)