I have to create a user in AWS to programmatically invoke my lambda function. The only functionality that I expect from this user is that, but when it comes to giving permission to the user, I'm having a hard time picking the right one as there are so many of them.
I can just assign the AWSLambda_FullAccess policy and move on, but I don't want to give more than necessary permissions. Is there a way that I can assign only the execution permission of that particular function to this user?
Create a custom policy with lambda:InvokeFunction permissions and attach it to the user.
From Creating an IAM policy to access AWS Lambda resources - Amazon Aurora:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:<region>:<123456789012>:function:<example_function>"
        }
    ]
}
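As an added example (not from the answer or the AWS documentation): a small Python helper that builds this invoke-only policy for one function ARN and flags any statement that grants more than that, such as lambda:* or a wildcard resource, so the policy can be checked before it is attached. The region, account id and function name are constructed placeholders; substitute your own.

```python
import json
import re

# Constructed placeholder values for this demo; replace with your own.
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"
FUNCTION_NAME = "example_function"

# Matches a single unqualified or qualified (version/alias) Lambda function ARN.
LAMBDA_ARN_RE = re.compile(
    r"^arn:aws:lambda:[a-z0-9-]+:\d{12}:function:[A-Za-z0-9_-]+(:[A-Za-z0-9_$-]+)?$"
)


def invoke_only_policy(region: str, account_id: str, function_name: str) -> dict:
    """Build an IAM policy that allows invoking exactly one Lambda function."""
    arn = f"arn:aws:lambda:{region}:{account_id}:function:{function_name}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "lambda:InvokeFunction", "Resource": arn}
        ],
    }


def _as_list(value):
    # IAM accepts a string or a list for Action and Resource; normalise to a list.
    return value if isinstance(value, list) else [value]


def least_privilege_findings(policy: dict) -> list:
    """Return reasons this policy grants more than invoking one function."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        for action in _as_list(stmt.get("Action", [])):
            if action != "lambda:InvokeFunction":
                findings.append(f"statement {idx}: action {action!r} is broader than lambda:InvokeFunction")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*" or not LAMBDA_ARN_RE.match(resource):
                findings.append(f"statement {idx}: resource {resource!r} is not a single Lambda function ARN")
    return findings


if __name__ == "__main__":
    scoped = invoke_only_policy(REGION, ACCOUNT_ID, FUNCTION_NAME)
    print(json.dumps(scoped, indent=2))
    print("findings:", least_privilege_findings(scoped))
```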