Every Lambda function has an IAM role associated with it. This role defines what other AWS services the function is allowed to interact with. For the purposes of this workshop, you’ll need to create an IAM role that grants your Lambda function permission to write logs to Amazon CloudWatch Logs and access to write items to your DynamoDB table.
Use the IAM console to create a new role. Name it WildRydesLambda and select AWS Lambda for the role type. You’ll need to attach policies that grant your function permissions to write to Amazon CloudWatch Logs and put items to your DynamoDB table.
Attach the managed policy called AWSLambdaBasicExecutionRole to this role to grant the necessary CloudWatch Logs permissions. Also, create a custom inline policy for your role that allows the dynamodb:PutItem action for the table you created in the previous section.
✅ Step-by-step directions
Enter AWSLambdaBasicExecutionRole in the Filter text box and check the box next to that policy.
Enter WildRydesLambda for the Role name.
Next you need to add permissions to the role so that it can access your DynamoDB table.
✅ Step-by-step directions
Type WildRydesLambda into the filter box on the Roles page and choose the role you just created.
Type DynamoDB into the search box labeled Find a service and select DynamoDB when it appears.
Type PutItem into the search box labeled Filter actions and check the box next to PutItem when it appears.
Enter DynamoDBWriteAccess for the policy name and choose Create policy.
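The inline policy these steps are meant to produce, with a check that it grants nothing beyond PutItem on the one table. This is an added example, not part of the original workshop; the table ARN, the function names and the over-broad sample policy are constructed for illustration.

```python
import json

# Constructed placeholder ARN: substitute your own region, account ID and table name.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/EXAMPLE_TABLE"
ALLOWED_ACTION = "dynamodb:PutItem"
# Constructed over-broad policy, used only to show what the audit reports.
BROAD_POLICY = {"Version": "2012-10-17",
                "Statement": {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}}


def build_put_item_policy(table_arn):
    """Policy document equivalent to the console steps: PutItem on one table."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": ALLOWED_ACTION, "Resource": table_arn}]}


def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]


def audit_policy(policy, table_arn):
    """Return findings for Allow statements broader than PutItem on table_arn."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants by exclusion")
            continue
        for action in _as_list(stmt.get("Action", [])):
            # Action names are case-insensitive; any wildcard is treated as too broad.
            if action.lower() != ALLOWED_ACTION.lower():
                findings.append(f"statement {i}: unexpected action {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource != table_arn:
                findings.append(f"statement {i}: resource {resource} is not the table ARN")
    return findings


if __name__ == "__main__":
    print(json.dumps(build_put_item_policy(TABLE_ARN), indent=2))
    print(audit_policy(build_put_item_policy(TABLE_ARN), TABLE_ARN))
    for finding in audit_policy(BROAD_POLICY, TABLE_ARN):
        print(finding)
```

Compare the JSON shown on the policy's Review page in the IAM console against this shape before choosing Create policy.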