Step 2.2: Create the IAM role (execution role) - Amazon ElastiCache
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Step 2.2: Create the IAM role (execution role)

In this step, you create an Amazon Identity and Access Management (IAM) role using the following predefined role type and access policy:

  • Amazon service role of the type Amazon Lambda – This role grants Amazon Lambda permissions to assume the role.

  • AmazonLambdaVPCAccessExecutionRole – This is the access permissions policy that you attach to the role. The policy grants permission for the EC2 actions that Amazon Lambda needs to manage ENIs. You can view this Amazon-managed policy in IAM console.

For more information about IAM user roles, see Roles (Delegation and Federation) in the IAM User Guide.

Use the following procedure to create the IAM role.

To create an IAM (execution) role
  1. Sign in to the Amazon Management Console and open the IAM console at

  2. Choose Roles and then Create role.

    • Under Trusted entity type, choose Amazon Service, and then choose Lambda under Common use cases. This grants the Amazon Lambda service permissions to assume the role. Choose Next.

    • Under Add permissions, enter lambda-vpc-execution-role and then choose Next.

    • In Role Name, use a name that is unique within your Amazon account (for example, lambda-vpc-execution-role).

    • Choose Create role.

  3. Write down the role ARN. You will need it in the next step when you create your Lambda function.

Next Step

Step 2.3: Upload the deployment package (create the Lambda function)