admin管理员组

文章数量:1122832

I am trying to access a parameter in the Parameter Store from an AWS Lambda Function. According to the documentation, I need the GetParameter permission, but can't seem to find it.

The AWS Identity and Access Management (IAM) role used to run the function must have the following permissions to interact with Parameter Store:
ssm:GetParameter – Required to retrieve parameters from Parameter Store

I go to IAM > Roles and select the role. Click "add permissions - attach policies" and then search for "getparameter" and find nothing.

I am trying to access a parameter in the Parameter Store from an AWS Lambda Function. According to the documentation, I need the GetParameter permission, but can't seem to find it.

The AWS Identity and Access Management (IAM) role used to run the function must have the following permissions to interact with Parameter Store:
ssm:GetParameter – Required to retrieve parameters from Parameter Store

I go to IAM > Roles and select the role. Click "add permissions - attach policies" and then search for "getparameter" and find nothing.

  • amazon-web-services
  • aws-lambda
  • amazon-iam
Share Improve this question asked Nov 22, 2024 at 15:18 PrimicoPrimico 2,4154 gold badges31 silver badges40 bronze badges 2
  • 1 Sounds like you should start learning IAM first. You need to attach a policy, some policies contain statements that grant the relevant permissions, some of them are named based on the target service, some are named based on the general permissions model. Additionally you can and should create your own policies granting exactly the required permissions and nothing else. docs.aws.amazon.com/IAM/latest/UserGuide/getting-started.html – luk2302 Commented Nov 22, 2024 at 15:30
  • Here's an example workflow but a good grounding in IAM is critical to use of AWS. In case it's helpful try AWS IAM Overview in 7 minutes and AWS Lambda and Secrets Manager Tutorial. – jarmod Commented Nov 22, 2024 at 17:30
Add a comment  | 

1 Answer 1

Reset to default 1

The issue is that ssm:GetParameter is a specific permission rather than a standalone policy (a Policy has one or many permissions, with Allow or Deny Effects). This means you won’t find it directly when searching among AWS managed policies in the “Attach Policy” interface.

Here’s how you can solve this out:

Create a Custom Inline Policy for the Role to grant ssm:GetParameter explicitly to the IAM role associated with your Lambda function:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ssm:GetParameter",
            "Resource": "arn:aws:ssm:REGION:ACCOUNT_ID:parameter/YOUR_PARAMETER_NAME"
        }
    ]
}

Or if you want to add an AWS predefine policy, you can search for AmazonSSMReadOnlyAccess Managed Policy and add it

本文标签: amazon web servicesHow to grant ssmGetParameter permission to an IAM role in AWSStack Overflow

版权声明:本文标题:amazon web services - How to grant ssm:GetParameter permission to an IAM role in AWS - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1736302831a1931672.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。