- Provide access to Travis user for Lambda function deployment.
- Create IAM policy using the below details with the lambda_basic_execution role.
- Create IAM user for Travis user and attach the new policy
- <region> (eu-west-1, us-east-1, us-west-2....)
- <account-id> (your amazon account-id)
- <name-of-function> (target functon name e.g. sendgrid-eventkit)
- <name-of-role> (name of role you create e.g. travis-lambda)
- a_user_name: <aws:user>
- access_key: <aws-access-token>
- secret_key: <aws-secret-token>
arn:aws:iam::<account-id>:policy/<name-of-role>
The following can not be targeted at a specific resource.
lambda:ListFunctions
- Required if AWS is to make functions that don't exists. If you create a placeholder function first you could drop this.
lambda:CreateFunction
- Required to create and edit lambda functions
Targeted at the specific resource that you are creating,editing or configuring
lambda:GetFunction
lambda:UpdateFunctionCode
lambda:UpdateFunctionConfiguration
- Required to interact lambda functions
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CreateFunctions",
"Effect": "Allow",
"Action": [
"lambda:CreateFunction",
"lambda:ListFunctions"
],
"Resource": "*"
},
{
"Sid": "DeployCode",
"Effect": "Allow",
"Action": [
"lambda:GetFunction",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration"
],
"Resource": [
"arn:aws:lambda:<region>:<account-id>:function:<name-of-function>"
]
},
{
"Sid": "SetRole",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::<account-id>:role/lambda_basic_execution"
]
}
]
}