I am writing up a AWS lambda function that will crunch some data and add it to a AWS timestream table. I get this error:
lambda-foobar is not authorized to perform: timestream:DescribeEndpoints because no identity-based policy allows the timestream:DescribeEndpoints action
I do not see any permission sets for AWS timestream. Should I create a new IAM role that has write permissions to AWS timestream and assign that role to my lambda as well? I am new to the world of Identity management in AWS and trying to wrap my head around configuring and attributing permissions.
During their executions, AWS lambda functions utilize an IAM role which determines which actions the lambda function is authorized to perform. This role is known as an Execution role.
You can find the role under "Permissions" in the "Configuration" pane.
For the API action that you are trying to run, you will need to make sure that the IAM role has the following policy included:
{
"Effect": "Allow",
"Action": [
"timestream:DescribeEndpoints"
],
"Resource": "*"
}
You can find more information on permissions for AWS lambda in the documentation.