Create Policy for Lambda function
In this part, we will create a Policy that grants the Lambda function permission to get, write, and delete objects in the S3 bucket.
- Navigate to console of created in step 1 Lambda function.
- In tab Configuration, click Permissions
- Click on the role being executed by the function
- Click Add permissions
- Select Attach policies
- Click Create policy
- Click Choose a service
- Enter S3, then select S3
- Click Action, expand Read in Access level
- Check to GetObject permission
- Then, expand Write
- Check to DeleteObject permission
- In Resource, click Add ARN to specify resources.
- Enter bucket name: book-image-store
- Check to Any to allow permissions for all objects in the bucket
- Click Add
- Click Add additional permissions
- Repeat steps 4 and 5
- Then, expand Write, check to PutObject permission
- Repeat steps 8 and 9 with bucket name is book-image-resize-store
- Click Next tags
- Click Next review
- Enter policy name, such as: LambdaResizeImageS3Policy
- Review policy information and click Create policy
- Back to adding policy for Lambda function screen, enter the name of the policy we just created.
- Check to the policy: LambdaResizeImageS3Policy
- Click Attach policies
We have finished granting the Lambda function read, write, and delete permissions from the S3 bucket. The next step is to test the Lambda function working when uploading an image.