AWS Lambda (IAM)

aws compute

AWS Lambda lets you run code without provisioning or managing servers, scaling automatically.

Common permissions

lambda:CreateFunctionlambda:DeleteFunctionlambda:InvokeFunctionlambda:GetFunctionlambda:ListFunctionslambda:UpdateFunctionCodelambda:TagResourcelambda:UntagResource

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "lambda:CreateFunction",
        "lambda:DeleteFunction",
        "lambda:InvokeFunction",
        "lambda:GetFunction",
        "lambda:ListFunctions",
        "lambda:UpdateFunctionCode",
        "lambda:TagResource",
        "lambda:UntagResource"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid lambda:* — grants full control including deletion and modification of functions.
Avoid lambda:InvokeFunction without resource constraints — can lead to unintended invocations.

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/lambda/lambda.json ↗

API

full doc /v1/iam/lambda