amazon-web-services aws-lambda amazon-iam

Which policy to grant to IAM user to create lambda deployment package in Python?


I want to create a Lambda deployment package in Python (with dependencies) using the Amazon tutorial.

When I push the .zip package with

aws lambda update-function-code --function-name my-function --zip-file fileb://function.zip

I get the following error

An error occurred (AccessDeniedException) when calling the UpdateFunctionCode operation: 
User: arn:aws:iam::<ACCOUNT-ID>:user/jeanclaude is not authorized to perform: lambda:UpdateFunctionCode 
on resource: arn:aws:lambda:eu-west-3:<ACCOUNT-ID>:function:my-function

Which policy should I grant to jeanclaude to give him the correct access?


Solution

    • The User created in AWS IAM which is configured with your AWS CLI using access_key and secret_key should have enough privileges to interact with AWS Lambda.
    • I would prefer the AWSLambdaFullAccess policy attached to your User/Role. This is just for testing purposes and later you can reduce the privileges if you want.
    • Once you have done the above then if you run the command
    aws lambda update-function-code --function-name "helloworld" --zip-file "fileb://./helloworld.zip" --region "eu-west-2"
    

    it should work. Note that for update-function-code the only mandatory field is --function-name; other fields are optional (aws cli update-function-code).

    • Also, please take note of the create-function command: it has just the following fields as mandatory and all others are optional (aws cli docs).
     create-function
    --function-name <value>
    --runtime <value>
    --role <value>
    --handler <value>
    

    and the --role here is the role required by the Lambda while executing to interact with other services (not to be confused with the user above).
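
A scoped alternative for the step where privileges are reduced, as an added example that is not part of the original answer: it parses the AccessDeniedException text from the question and builds an IAM policy allowing only the denied action on the exact function ARN. The account id 123456789012 is a constructed placeholder, and the function names parse_denial and minimal_policy are illustrative.

```python
import json
import re

# Constructed sample: the error text from the question, with a placeholder
# 12-digit account id substituted for <ACCOUNT-ID>.
SAMPLE_ERROR = (
    "An error occurred (AccessDeniedException) when calling the "
    "UpdateFunctionCode operation: User: arn:aws:iam::123456789012:user/jeanclaude "
    "is not authorized to perform: lambda:UpdateFunctionCode on resource: "
    "arn:aws:lambda:eu-west-3:123456789012:function:my-function"
)

DENIED = re.compile(
    r"User:\s+(?P<principal>arn:aws:(?:iam|sts)::\d{12}:\S+)\s+"
    r"is not authorized to perform:\s+(?P<action>[a-z0-9-]+:[A-Za-z0-9]+)\s+"
    r"on resource:\s+(?P<resource>arn:aws:[a-z0-9-]+:[a-z0-9-]*:\d{12}:\S+)"
)


def parse_denial(message):
    """Return principal, action and resource from an AccessDenied message."""
    # Collapse the line breaks the CLI inserts when wrapping the message.
    match = DENIED.search(" ".join(message.split()))
    if match is None:
        raise ValueError("not a recognised AccessDenied message")
    return match.groupdict()


def minimal_policy(denials):
    """Build a policy allowing only the denied actions, per exact resource ARN."""
    by_resource = {}
    for d in denials:
        # Hand-built input could carry wildcards; never widen the grant.
        if "*" in d["resource"] or "*" in d["action"]:
            raise ValueError("refusing to emit a wildcard grant")
        by_resource.setdefault(d["resource"], set()).add(d["action"])
    statements = [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": resource}
        for resource, actions in sorted(by_resource.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    print(json.dumps(minimal_policy([parse_denial(SAMPLE_ERROR)]), indent=2))
```

The printed JSON can be attached to the user as an inline policy with `aws iam put-user-policy`; feeding further denial messages into the same list keeps the grant limited to the calls the deployment actually makes.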