About AWS
AWS Lambda is a compute service that lets you run code without managing servers. AWS Lambda executes your code only when needed and scales automatically. You pay only for the compute time you consume – there is no charge when your code is not running.
Why IAM?
Before we call Lambda function we need to get correct permission setup to access the function. In AWS IAM (Identity and Access Management) we create a new user dedicated to using different IAM services. To know more click here.
Steps for setting up permission
Step 1 – Creating IAM user
- To create an IAM user login to AWS console search AWS Lambda search for IAM service, click add user give it a name select the programmatic access.
Step 2 – Generating policy
- After creating IAM user we now have to set up permission for this user, for that we will create a group and give it a name, there you will see that the group have no policy attached yet.
- Click on the group to add the inline policy to the group.
- We will use a policy generator to generate policy.
- AWS Lambda in AWS service followed by selecting actions.
- You may select All actions or few specified actions that’s all up to you for example if I have lambda function and I want to invoke this lambda function through AWS API I will select Invoke Async and Invoke Function.
Step 3 – Getting ARN
- Every resource in AWS is identified by an ARN(Amazon resource name), in order to execute our Lambda function, we have to specify permission to specific ARN over a Lambda function.
- To get ARN of your Lambda function select the function and at the top right corner, you will get your function’s ARN.
- Click next step and then click Apply policy and that’s all.
Step 4 – Getting the credentials
- Go back to the panel where we were building user and now select the group which we just have created and select add user.
- We have created an IAM user and that user can access our resources using a specific Access key and Secret Access Key. You are going to need them to either write it down or just download it and try to keep it in a safe place as you might not want that someone else will be using your services.
When you were using Access key and Secret Access key to get access to any AWS services, you can use it from your local machine and these are the few ways:-
Providing Access key to Java Runtime
=> Environment Variables
> AWS_ACCESS_KEY
> AWS_SECRET_ACCESS_KEY
=> Java System Properties
> aws.accessKeyId
> aws.secretKey
=> Credentials Profile File
> Windows : C:\users\username\.aws\credentials
> Linux/unix/mac : ~/.aws/credentials
And that’s it, congratulations you have set up your permission for AWS Lambda and if somehow you are still getting any trouble in setting up the permission make sure you follow above steps precisely and for that I will recommend you to go through this post again.
Reference :- https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html\
