The AWS SDK for JavaScript version 3 (v3) is a rewrite of v2 with some great new features, including modular architecture. For more information, see the AWS SDK for JavaScript v3 Developer Guide.
Create a Lambda Execution Role in IAM
This topic is part of a larger tutorial about using the AWS SDK for JavaScript with AWS Lambda functions. To start at the beginning of the tutorial, see Tutorial: Creating and Using Lambda Functions.
In this task, you will focus on creating IAM role used by the application to execute the Lambda function.

A Lambda function requires an execution role created in IAM that provides the function with the necessary permissions to run. For more information about the Lambda execution role, see Manage Permissions: Using an IAM Role (Execution Role) in the AWS Lambda Developer Guide.
To create the Lambda execution role in IAM
-
Open
lambda-role-setup.js
in theslotassets
directory in a text editor. -
Find this line of code.
const ROLE = "
ROLE
"Replace
ROLE
with another name. -
Save your changes and close the file.
-
At the command line, type the following.
node lambda-role-setup.js
-
Make a note of the ARN returned by the script. You need this value to create the Lambda function.
Setup Script Code
The following code is the setup script that creates the Lambda execution role. The setup
script creates the JSON that defines the trust relationship needed for a Lambda execution role.
It also creates the JSON parameters for attaching the AWSLambdaRole managed policy. Then it
assigns the string version of the JSON to the parameters for the createRole
method of the IAM service object.
The createRole
method automatically URL-encodes the JSON to create the
execution role. When the new role is successfully created, the script displays its ARN. Then
the script calls the attachRolePolicy
method of the IAM service object to
attach the managed policy. When the policy is successfully attached, the script displays a
confirmation message.
// Load the AWS SDK for Node.js var AWS = require('aws-sdk'); // Load credentials and set Region from JSON file AWS.config.loadFromPath('./config.json'); // Create the IAM service object var iam = new AWS.IAM({apiVersion: '2010-05-08'}); var myPolicy = { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }; var createParams = { AssumeRolePolicyDocument: JSON.stringify(myPolicy), RoleName: "ROLE" }; var policyParams = { PolicyArn: "arn:aws:iam::policy/service-role/AWSLambdaRole", RoleName: "ROLE" }; iam.createRole(createParams, function(err, data) { if (err) { console.log(err, err.stack); // an error occurred } else { console.log("Role ARN is", data.Role.Arn); // successful response iam.attachRolePolicy(policyParams , function(err, data) { if (err) { console.log(err, err.stack); } else { console.log("AWSLambdaRole Policy attached"); } }); } });
Click next to continue the tutorial.