AWS Lambda
Developer Guide

Step 2.2: Create the Execution Role (IAM Role)

In this section, you create an IAM role using the following predefined role type:

  • AWS service role of the type AWS Lambda – This role grants AWS Lambda permissions to assume the role.

For more information about IAM roles, see IAM Roles in the IAM User Guide. Use the following procedure to create the IAM role.

To create an IAM role (execution role)

  1. Sign in to the AWS Management Console and open the IAM console at

  2. Follow the steps in Creating a Role to Delegate Permissions to an AWS Service in the IAM User Guide to create an IAM role (execution role). As you follow the steps to create a role, note the following:

    • In Role Name, use a name that is unique within your AWS account (for example, lambda-gateway-execution-role).

    • In Select Role Type, choose AWS Service Roles, and then choose AWS Lambda. This grants the AWS Lambda service permissions to assume the role.

    • Create the IAM role without attaching a permissions policy in the console. After the role is created, update it and attach the following permissions policy.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1428341300017",
          "Action": [
            "dynamodb:DeleteItem",
            "dynamodb:GetItem",
            "dynamodb:PutItem",
            "dynamodb:Query",
            "dynamodb:Scan",
            "dynamodb:UpdateItem"
          ],
          "Effect": "Allow",
          "Resource": "*"
        },
        {
          "Sid": "",
          "Resource": "*",
          "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
          ],
          "Effect": "Allow"
        }
      ]
    }

  3. Write down the role ARN (Amazon Resource Name). You need it in the next step when you create your Lambda function.
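
The permissions policy in step 2 allows its DynamoDB and CloudWatch Logs actions on Resource "*". The Python below is an added example, not part of the AWS guide: it flags Allow statements that use a wildcard resource and returns a copy pinned to specific ARNs. The Region, account ID, table name and function name in the ARNs are constructed placeholders, and the function names are hypothetical.

```python
import copy
import json

# Permissions policy from step 2 above, reproduced from the page.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "Stmt1428341300017", "Effect": "Allow", "Resource": "*",
   "Action": ["dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem",
              "dynamodb:Query", "dynamodb:Scan", "dynamodb:UpdateItem"]},
  {"Sid": "", "Effect": "Allow", "Resource": "*",
   "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]}]}
""")

# Constructed placeholders: Region, account ID, table and function names are assumptions.
SCOPED_ARNS = {
    "dynamodb": ["arn:aws:dynamodb:us-east-1:123456789012:table/ExampleTable"],
    "logs": ["arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/example-function",
             "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/example-function:*"],
}

def as_list(value):
    """IAM accepts either one value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]

def wildcard_statements(policy):
    """Return (statement index, service prefixes) for Allow statements on Resource "*"."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Resource", [])):
            services = sorted({a.split(":", 1)[0] for a in as_list(stmt.get("Action", []))})
            findings.append((i, services))
    return findings

def scope_policy(policy, arns_by_service):
    """Return (copy pinned to the given ARNs, indexes left for manual review)."""
    # Mixed-service statements or services without a supplied ARN stay unchanged.
    scoped = copy.deepcopy(policy)
    scoped["Statement"] = as_list(scoped["Statement"])
    unresolved = []
    for i, services in wildcard_statements(scoped):
        if len(services) == 1 and services[0] in arns_by_service:
            scoped["Statement"][i]["Resource"] = list(arns_by_service[services[0]])
        else:
            unresolved.append(i)
    return scoped, unresolved

if __name__ == "__main__":
    print("wildcard statements:", wildcard_statements(PAGE_POLICY))
    scoped, unresolved = scope_policy(PAGE_POLICY, SCOPED_ARNS)
    print(json.dumps(scoped, indent=2), "\nneeds manual review:", unresolved)
```
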

Next Step

Step 2.3: Create the Lambda Function and Test It Manually
