AWS Greengrass
Developer Guide

Configure IAM Roles

  1. Because you are creating a Lambda function that accesses other AWS services, you need to create an IAM role that has access to DynamoDB and AWS Greengrass. For more information about IAM, see the AWS Identity and Access Management documentation.

    In the IAM console, choose Roles, and then choose Create Role:

                            Screenshot of Roles page with Create role highlighted.

    Choose AWS service, and then choose Greengrass:

                            Screenshot of Choose the service that will use this role with Greengrass highlighted.

    Choose Next: Permissions.

    On the Attach permissions policies page, select the following policies: AWSGreengrassResourceAccessRolePolicy, AWSGreengrassFullAccess, and AmazonDynamoDBFullAccess.

    Next, choose Next: Review. For Role name, type Greengrass_DynamoDB_Role, and then choose Create role.

  2. Repeat the prior step to create the role for the AWS Lambda service (instead of the AWS Greengrass service). Give the role the same policies (AWSGreengrassResourceAccessRolePolicy, AWSGreengrassFullAccess, and AmazonDynamoDBFullAccess). For Role name, type Lambda_DynamoDB_Role.

  3. In the AWS IoT console, under Greengrass, choose Groups, and choose your AWS Greengrass group. Choose Settings, and then choose Add Role:

                            My1stGroup screenshot with Settings and Add Role

    The IAM role you just created should appear in the list. If it does not appear, search for it, select it, and then choose Save:

                            Your Group's IAM Role webpage with the Greengrass_DynamoDB_Role and Save button highlighted.
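
The two roles in steps 1 and 2 differ only in which AWS service is trusted to assume them. The following added example (not part of the AWS guide) builds the trust policy for each role and checks a permissions policy document for wildcard grants, so that a table-scoped policy can be compared with a full-access style grant. Assumptions: the region, account ID, table name and action list are placeholders, and `FULL_ACCESS_STYLE` is a constructed stand-in, not the text of any AWS managed policy.

```python
import json

# Trusted service for each role created in steps 1 and 2.
ROLE_PRINCIPALS = {
    "Greengrass_DynamoDB_Role": "greengrass.amazonaws.com",
    "Lambda_DynamoDB_Role": "lambda.amazonaws.com",
}

# Constructed stand-in for a full-access style grant (not a managed policy's text).
FULL_ACCESS_STYLE = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"},
}

def trust_policy(service_principal):
    """Trust policy that lets only the named AWS service assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": service_principal},
        "Action": "sts:AssumeRole",
    }]}

def table_scoped_policy(region, account_id, table, actions):
    """Permissions policy limited to the listed actions on a single table."""
    arn = f"arn:aws:dynamodb:{region}:{account_id}:table/{table}"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": arn}]}

def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and Resource.
    return [value] if isinstance(value, (str, dict)) else list(value)

def broad_statements(policy):
    """Return Allow statements with a wildcard action or a '*' resource."""
    found = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any("*" in a for a in actions) or "*" in resources:
            found.append(stmt)
    return found

if __name__ == "__main__":
    for role, principal in ROLE_PRINCIPALS.items():
        print(role, json.dumps(trust_policy(principal)))
    scoped = table_scoped_policy("us-west-2", "123456789012", "ExampleTable",
                                 ["dynamodb:PutItem", "dynamodb:GetItem"])
    print("broad grants, full-access style:", len(broad_statements(FULL_ACCESS_STYLE)))
    print("broad grants, table-scoped:", len(broad_statements(scoped)))
```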