Give AWS Lambda an AWS Managed Policy with CDK


I have a Lambda function defined in CDK. I'm using this Lambda to invoke a State Machine and for that I would need to provide it some Policies. The way I tried was the following:

const stepFunctionsPolicy = new PolicyStatement({
      effect: Effect.ALLOW,
      actions: ["states:*"],
      resources: ['*']
})

MachineLambda.addToRolePolicy(stepFunctionsPolicy) //Added the Policy to the Lambda's Role

This is a workaround, but ideally, I would like to provide AWS Managed Policies to this Lambda function (specifically AWSStepFunctionsFullAccess) instead of manually defining each policy.

fedonev On BEST ANSWER

The question specifically asks how to add the AWSStepFunctionsFullAccess managed policy to the Lambda's role. This allows the Lambda to perform CRUD operations on all step functions:

machineLambda.role?.addManagedPolicy(
   iam.ManagedPolicy.fromAwsManagedPolicyName("AWSStepFunctionsFullAccess")
);

Consider granting the Lambda narrow permissions instead, following the IAM least privilege permissions security best practice:

// Grants only states:StartExecution, scoped to this state machine's ARN
myStateMachine.grantStartExecution(machineLambda);
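To see the difference between the three grants in review, a check over the synthesized CloudFormation template can flag the two account-wide ones. This is an added example, not code from the question or the answer; the function names, logical IDs and template fragments are constructed for illustration and assume the usual `cdk synth` output shape.

```typescript
// Added example. The templates at the bottom are constructed, shaped like `cdk synth` output.
type Json = any;

// Flatten a CloudFormation value (plain string or Fn::Join) to text so ARNs can be matched.
function flatten(v: Json): string {
  if (typeof v === "string") return v;
  if (v && v["Fn::Join"]) return v["Fn::Join"][1].map(flatten).join(v["Fn::Join"][0]);
  return "<ref>"; // Ref / Fn::GetAtt: points at one resource, not a wildcard
}

const asList = (v: Json): Json[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// One finding per account-wide Step Functions grant in a synthesized template.
function findBroadStatesGrants(template: Json): string[] {
  const findings: string[] = [];
  const resources: Json = template.Resources ?? {};
  for (const id of Object.keys(resources)) {
    const res = resources[id];
    const props = res.Properties ?? {};
    if (res.Type === "AWS::IAM::Role") {
      for (const arn of asList(props.ManagedPolicyArns)) {
        if (flatten(arn).endsWith(":policy/AWSStepFunctionsFullAccess"))
          findings.push(`${id}: managed policy AWSStepFunctionsFullAccess`);
      }
    }
    if (res.Type === "AWS::IAM::Policy") {
      for (const st of asList(props.PolicyDocument?.Statement)) {
        if (st.Effect !== "Allow") continue;
        const wildAction = asList(st.Action).some((a) => a === "*" || a === "states:*");
        const wildResource = asList(st.Resource).some((r) => flatten(r) === "*");
        if (wildAction && wildResource) findings.push(`${id}: wildcard states action on Resource "*"`);
      }
    }
  }
  return findings;
}

// Constructed samples (logical IDs are made up): the question's inline statement,
// the managed policy from the answer, and a grant limited to starting one state machine.
const managedArn = { "Fn::Join": ["", ["arn:", { Ref: "AWS::Partition" }, ":iam::aws:policy/AWSStepFunctionsFullAccess"]] };
const policy = (Action: Json, Resource: Json) => ({
  Type: "AWS::IAM::Policy",
  Properties: { PolicyDocument: { Statement: [{ Effect: "Allow", Action, Resource }] } },
});
const samples = {
  inlineWildcard: { Resources: { FnPolicy: policy("states:*", "*") } },
  managedPolicy: { Resources: { FnRole: { Type: "AWS::IAM::Role", Properties: { ManagedPolicyArns: [managedArn] } } } },
  startExecutionOnly: { Resources: { FnPolicy: policy("states:StartExecution", { Ref: "MyStateMachine" }) } },
};
```

The same function can be pointed at a parsed template file from the `cdk.out` directory as a pre-deploy check.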