Tags: amazon-web-services, aws-lambda, amazon-rds, amazon-iam, aws-security-group

Use of Security Groups vs Role


I have an AWS Lambda that is created to access an RDS PostgreSQL instance and an ElastiCache cluster. In order to access the RDS instance, I believe both RDS and ElastiCache need to open up their inbound ports for the Lambda to access them. I have also seen policies that allow Lambda to access ElastiCache and RDS. These policies are applied to the role that is assigned to the AWS Lambda. What is the purpose of the role and the security group in this scenario?


Solution

  • Security groups are more about network controls. You can look at them as a virtual firewall that controls the traffic.

    They specify what inbound/outbound traffic to allow/disallow based on the following criteria/filters:

    1. Protocol
    2. Port
    3. Origin/destination IP

    IAM roles are used more to determine what an identity can and cannot do in AWS. Basically, a role is a set of permissions that grants access to actions and resources in AWS.

    Example: the security group for Resource X says allow inbound traffic on port 1111 over the HTTP protocol.

    Scenario 1: A Lambda which has an attached role to access Resource X tries to communicate with Resource X on port 2222 over the HTTP protocol. This will fail, because the security group for Resource X allows communication only over port 1111.

    Scenario 2: You do not attach any role to the Lambda that needs to access Resource X. Now if it tries to communicate with Resource X on port 1111 over the HTTP protocol, it will fail, because despite trying to access Resource X on the correct port and protocol, it lacks the permissions to do so.
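The two scenarios above, modelled as an added example (not code from the answer or from AWS): a minimal evaluator that checks a request first against the network layer (security group rule on protocol, port, origin) and then against the identity layer (an IAM policy document attached to the role). The security group, the `resourcex:Connect` action, the ARN and the account id are all constructed placeholders; the example assumes TCP rather than "HTTP" because security group rules are expressed in terms of IP protocol and port.

```python
import fnmatch
import json

# Constructed security group for "Resource X": allow inbound TCP 1111
# only from the Lambda's own security group (the origin filter).
RESOURCE_X_SG = {
    "GroupId": "sg-resource-x",
    "Inbound": [{"Protocol": "tcp", "FromPort": 1111, "ToPort": 1111,
                 "SourceGroupId": "sg-lambda"}],
}

# Constructed IAM policy attached to the Lambda's execution role.
# Action name and ARN are hypothetical placeholders, not real AWS identifiers.
RESOURCE_X_ARN = "arn:aws:resourcex:us-east-1:123456789012:instance/x"
ROLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "resourcex:Connect",
     "Resource": "arn:aws:resourcex:us-east-1:123456789012:instance/x"}
  ]
}""")


def sg_allows(sg, protocol, port, source_sg):
    """Network layer: some inbound rule must match protocol, port range and origin."""
    for rule in sg["Inbound"]:
        proto_ok = rule["Protocol"] in (protocol, "-1")  # "-1" means all protocols
        port_ok = rule["FromPort"] <= port <= rule["ToPort"]
        if proto_ok and port_ok and rule["SourceGroupId"] == source_sg:
            return True
    return False


def iam_allows(policy, action, resource):
    """Identity layer: no policy means no permission; explicit Deny wins over Allow."""
    if policy is None:
        return False
    allowed = False
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        # IAM wildcards (* and ?) map onto fnmatch's glob syntax.
        if any(fnmatch.fnmatchcase(action, a) for a in actions) and \
           any(fnmatch.fnmatchcase(resource, r) for r in resources):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def can_access(policy, sg, *, protocol, port, source_sg, action, resource):
    """Both layers must pass; report which layer rejected the request."""
    if not sg_allows(sg, protocol, port, source_sg):
        return "denied-by-security-group"
    if not iam_allows(policy, action, resource):
        return "denied-by-iam"
    return "ok"
```

The same two-layer check also explains why a correctly configured role is useless without a reachable port, and vice versa: fixing one layer alone still leaves the request rejected.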