Identity-based IAM policies for Lambda

You can use identity-based policies in Amazon Identity and Access Management (IAM) to grant users in your account access to Lambda. Identity-based policies can apply to users, user groups, or roles. You can also grant users in another account permission to assume a role in your account and access your Lambda resources.

Lambda provides Amazon managed policies that grant access to Lambda API actions and, in some cases, access to other Amazon services used to develop and manage Lambda resources. Lambda updates these managed policies as needed to ensure that your users have access to new features when they're released.

AWSLambda_FullAccess – Grants full access to Lambda actions and other Amazon services used to develop and maintain Lambda resources.
AWSLambda_ReadOnlyAccess – Grants read-only access to Lambda resources.
AWSLambdaRole – Grants permissions to invoke Lambda functions.

Amazon managed policies grant permission to API actions without restricting the Lambda functions or layers that a user can modify. For finer-grained control, you can create your own policies that limit the scope of a user's permissions.

Topics

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Access permissions (permissions for other entities to access your functions)

Function access