
Problem :

I am new to Lambda and want to set up my Lambda to access my Mongo server on one of the EC2 instances in a VPC. I tried selecting all the subnets and security groups, but I am still getting the following error while trying to save: "You are not authorized to perform: CreateNetworkInterface."

I think I need to do some kind of policy setup in AWS IAM to make this happen.

I have required "AdministratorAccess" and I am trying very hard to add an IAM role to my account.

Please let me know what policy/role I need to add for this problem to be fixed?

by (6.9k points)   | 216 views

1 Answer

0 votes

Solution :

I faced this issue in the recent past. I did a lot of research on it.

I found the following solution to solve your issue.

If the error message is saying "This Lambda function is not authorized to perform: CreateNetworkInterface", then it is more practical that the Lambda role needs to be modified with an appropriate policy. So I fixed the problem by adding the Lambda with the policy actions as follows:

# Execution role the Lambda function assumes when it runs inside the VPC
NetworkLambdaRole:
  Type: "AWS::IAM::Role"
  Properties:
    RoleName: "Network-Lambda-Role"
    # Trust policy: only the Lambda service may assume this role
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: "Allow"
          Principal:
            Service:
              - "lambda.amazonaws.com"
          Action:
            - "sts:AssumeRole"
    Policies:
      - PolicyName: "network-lambda-role-policy"
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            # Network interface permissions for running the function in the VPC
            - Effect: "Allow"
              Action:
                - "ec2:DescribeInstances"
                - "ec2:CreateNetworkInterface"
                - "ec2:AttachNetworkInterface"
                - "ec2:DescribeNetworkInterfaces"
                - "ec2:DeleteNetworkInterface"
              Resource: "*"

by (36.1k points)  
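A check for the situation in this thread, added here as an example and not part of the original answer: it reads a role's policy document (JSON form) and reports which network-interface actions are still missing. The function names, the sample policies and the choice of required actions (the three create/describe/delete actions from the answer's policy) are assumptions; conditions and `NotAction` are not evaluated, and an Allow is only counted when its Resource is `"*"`, as in the answer.

```python
import re

# Assumption: the ENI lifecycle actions taken from the answer's policy.
REQUIRED = ("ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces",
            "ec2:DeleteNetworkInterface")

def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def _matches(patterns, action):
    """IAM action patterns are case-insensitive; * and ? are wildcards."""
    for pat in patterns:
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pat)
        if re.fullmatch(rx, action, re.IGNORECASE):
            return True
    return False

def missing_vpc_actions(policy, required=REQUIRED):
    """Return the required actions this policy document does not allow."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a lone statement may be an object
        statements = [statements]
    allowed, denied = set(), set()
    for st in statements:
        actions = _as_list(st.get("Action"))  # NotAction/Condition not evaluated
        on_all = "*" in _as_list(st.get("Resource"))
        for act in required:
            if not _matches(actions, act):
                continue
            if st.get("Effect") == "Deny":
                denied.add(act)            # explicit Deny overrides any Allow
            elif st.get("Effect") == "Allow" and on_all:
                allowed.add(act)           # simplification: only Resource "*" counts
    return [a for a in required if a not in allowed or a in denied]

# Constructed sample policy documents (not taken from a real account).
LOGS_ONLY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "logs:*", "Resource": "*"}}
ANSWER_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:DescribeInstances", "ec2:CreateNetworkInterface",
               "ec2:AttachNetworkInterface", "ec2:DescribeNetworkInterfaces",
               "ec2:DeleteNetworkInterface"]}]}
WILDCARD_WITH_DENY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "EC2:*NetworkInterface*", "Resource": "*"},
    {"Effect": "Deny", "Action": "ec2:Delete*", "Resource": "*"}]}
```

An empty list means the role's policy covers all three actions; any name returned is one to add to the role, or an explicit Deny to track down.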