IAM Permissions for Lambda Functions - amresh087/newronaRepos GitHub Wiki

Now, we need to fetch lambda details handler.py file

 import json
 import time  
 import boot3

 client=boot3.client('lamda');

 def hello(event, context):
       response=client.list_functions()
     return response

Now let deploy it

  sls deploy

Now let test lambda function but it will throw exception because it is trying to fetch all lambda but by default there are no access for accessing any resource

  Test Event Name
  testme

 Response
  {
     "errorMessage": "Unable to import module 'handler': No module named 'boot3'",
      "errorType": "Runtime.ImportModuleError",
      "requestId": "f1c65f61-ad8b-44ed-94ff-e7786bf308da",
      "stackTrace": []
 }

 Function Logs
 START RequestId: f1c65f61-ad8b-44ed-94ff-e7786bf308da Version: $LATEST
 LAMBDA_WARNING: Unhandled exception. The most likely cause is an issue in the function code. However, in rare cases, a Lambda runtime update can 
 cause unexpected function behavior. For functions using managed runtimes, runtime updates can be triggered by a function change, or can be applied 
 automatically. To determine if the runtime has been updated, check the runtime version in the INIT_START log entry. If this error correlates with 
 a change in the runtime version, you may be able to mitigate this error by temporarily rolling back to the previous runtime version. For more 
 information, see https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html
 [ERROR] Runtime.ImportModuleError: Unable to import module 'handler': No module named 'boot3'
 Traceback (most recent call last):END RequestId: f1c65f61-ad8b-44ed-94ff-e7786bf308da
 REPORT RequestId: f1c65f61-ad8b-44ed-94ff-e7786bf308da	Duration: 13.41 ms	Billed Duration: 14 ms	Memory Size: 128 MB	Max Memory 
 Used: 30 MB	Init Duration: 80.25 ms

 Request ID
 f1c65f61-ad8b-44ed-94ff-e7786bf308da

Now, we need to add iam role in serverless.yml file

   service: my-aws-python3-demo
   # app and org for use with dashboard.serverless.com
   #app: your-app-name
   #org: your-org-name

   # You can pin your service to only deploy with a specific Serverless version
   # Check out our docs for more details
   frameworkVersion: '3'

   provider:
     name: aws
     runtime: python3.9

   # you can overwrite defaults here
     stage: dev
     region: us-east-1

   # you can add statements to the Lambda function's IAM Role here
     iam:
       role:
         statements:
           - Effect: "Allow"
             Action:
               - "lambda:*"
             Resource: 
               - "*"
   # you can define service wide environment variables here
   #  environment:
   #    variable1: value1

   # you can add packaging information here
   #package:
   #  patterns:
   #    - '!exclude-me.py'
   #    - '!exclude-me-dir/**'
   #    - include-me.py
   #    - include-me-dir/**

   functions:
     iam-example:
       handler: handler.hello
       timeout: 3
       memorySize: 128