Create Policy for Lambda function

In this part, we will create a Policy that grants the Lambda function permission to get, write, and delete objects in the S3 bucket.

  1. Navigate to the console of the Lambda function created in step 1.

    • In the Configuration tab, click Permissions
    • Click the execution role used by the function
  2. Click Add permissions

    • Select Attach policies
  3. Click Create policy

  4. Click Choose a service, enter S3, then select S3

  5. Click Action, expand Read in Access level

    • Check the GetObject permission
  6. Then, expand Write

    • Check the DeleteObject permission
  7. In Resource, click Add ARN to specify resources.

  8. Enter bucket name: book-image-shop

    • Check Any to allow permissions for all objects in the bucket
    • Click Add
  9. Click Add additional permissions

  10. Repeat steps 4 and 5

    • Then, expand Write and check the PutObject permission
    • Click Add ARN to specify resources.
  11. Repeat steps 8 and 9 with the bucket name book-image-resize-shop

  12. Click Next and enter a policy name, such as: LambdaResizeImageS3Policy

    • Review the policy information and click Create policy
  13. Back on the screen for adding a policy to the Lambda function, enter the name of the policy we just created.

    • Check the policy: LambdaResizeImageS3Policy
    • Click Attach policies
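
The policy document these selections produce, with a small check of what it does and does not allow. This is an added example, not part of the original workshop. It assumes the second permission block grants only PutObject on book-image-resize-shop; the Sid labels, the sample key `cover.jpg`, and the simplified evaluator (Allow statements only) are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

SOURCE_BUCKET = "book-image-shop"          # bucket entered in step 8
RESIZED_BUCKET = "book-image-resize-shop"  # bucket entered on the second pass

def build_policy():
    """Policy document matching the visual-editor selections in the steps above."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Sid values are constructed labels for this example
                "Sid": "ReadAndDeleteOriginals",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{SOURCE_BUCKET}/*",  # "Any" object
            },
            {
                "Sid": "WriteResized",
                "Effect": "Allow",
                "Action": ["s3:PutObject"],
                "Resource": f"arn:aws:s3:::{RESIZED_BUCKET}/*",
            },
        ],
    }

def is_allowed(policy, action, resource):
    """Simplified check: does any Allow statement match this action and ARN?
    Ignores Deny, Condition, and any other policy attached to the role."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        # IAM action names are case-insensitive; resource ARNs are not.
        action_ok = any(fnmatchcase(action.lower(), a.lower()) for a in stmt["Action"])
        if action_ok and fnmatchcase(resource, stmt["Resource"]):
            return True
    return False

def access_matrix(policy, key="cover.jpg"):  # key is a constructed sample name
    """Map (action, bucket) to True/False for the three object actions."""
    actions = ("s3:GetObject", "s3:PutObject", "s3:DeleteObject")
    return {(a, b): is_allowed(policy, a, f"arn:aws:s3:::{b}/{key}")
            for b in (SOURCE_BUCKET, RESIZED_BUCKET) for a in actions}

if __name__ == "__main__":
    policy = build_policy()
    print(json.dumps(policy, indent=2))
    for (action, bucket), ok in access_matrix(policy).items():
        verdict = "ALLOW" if ok else "deny"
        print(f"{verdict:5} {action:16} {bucket}")
```

The matrix shows the function cannot write back into book-image-shop or read from book-image-resize-shop, and bucket-level actions such as listing are not granted because both resources are object ARNs ending in `/*`.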

We have finished granting the Lambda function read, write, and delete permissions on the S3 bucket. The next step is to test that the Lambda function works when an image is uploaded.