# IAM Policy Lambda Execute

## Overview
This Terraform module provisions an IAM policy for AWS Lambda execution, enabling Lambda functions to run securely with logging and optional service access.
## Key Features
- Grants execution permissions for AWS Lambda
- Enables CloudWatch logging
- Built with least-privilege access design
- Includes tagging for clarity and governance
- Supports additional permissions for common Lambda integrations
## Use Cases
- Attach to Lambda IAM roles to enable secure function execution
- Use as a baseline policy for all serverless apps
- Combine with Lambda layers or VPC access configurations
- Extend with additional managed policies for specific workloads
## Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region for deployment |
| policy_name | string | Name of the IAM policy |
| environment | string | Environment label for tagging (e.g., dev, prod) |
## Outputs
| Name | Description |
|---|---|
| policy_arn | ARN of the created IAM policy |
## Deployment Readiness
- Compatible with Terraform 1.0+
- Requires AWS Provider 5.x+
- IAM permissions required: `iam:CreatePolicy`, `iam:DeletePolicy`
## Example Usage

```hcl
module "iam_policy_lambda_execute_deployment" {
  source       = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//identity/iam-policy-lambda-execute?ref=v1.0.0"
  region       = "us-east-1"
  policy_name  = "lambda-execution-policy"
  environment  = "dev"
}
```

```shell
terraform init
terraform plan
terraform apply
```

or

```shell
tofu init
tofu plan
tofu apply
```
## Cleanup

Terraform Destroy:

```shell
terraform destroy
```

or

```shell
tofu destroy
```

Manual Deletion (for Production):

```shell
aws iam delete-policy --policy-arn <policy_arn>
```

Use `aws iam list-policies` to find the policy ARN if needed. Detach the policy from any roles first: `delete-policy` fails while the policy is still attached.
## Notes

This is a Level 1 identity module designed to pair with Lambda IAM roles.

Avoid overly broad permissions: scope access to just what the Lambda function needs.

Best used alongside logging, VPC access, or other runtime policies in larger serverless deployments.
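The module's source is not included on this page, so the following is an added example, not the module's own code, of what a least-privilege Lambda execution policy of the kind described under Key Features and Notes looks like in Terraform: CloudWatch Logs permissions scoped to one function's log group rather than `logs:*` on `*`, an optional integration statement limited to a single SQS queue, and the policy attached to a role that only `lambda.amazonaws.com` can assume. The `function_name` and `queue_arn` variables, the resource names and the use of `aws_iam_policy_document` are assumptions made for this example.

```hcl
# Added example: a scoped Lambda execution policy. Not the module's source.
variable "region" {
  type = string
}

variable "policy_name" {
  type = string
}

variable "environment" {
  type = string
}

# Assumed for this example: the policy is scoped to one named function.
variable "function_name" {
  type = string
}

# Assumed for this example: optional SQS event source; null means no SQS statement.
variable "queue_arn" {
  type    = string
  default = null
}

data "aws_caller_identity" "current" {}

locals {
  log_group_arn = "arn:aws:logs:${var.region}:${data.aws_caller_identity.current.account_id}:log-group:/aws/lambda/${var.function_name}"
}

data "aws_iam_policy_document" "lambda_execute" {
  # Log group creation is an action on the group itself, so no ":*" suffix here.
  statement {
    sid       = "CreateOwnLogGroup"
    effect    = "Allow"
    actions   = ["logs:CreateLogGroup"]
    resources = [local.log_group_arn]
  }

  # Streams and events live under the group, hence the ":*" suffix.
  statement {
    sid       = "WriteOwnLogStreams"
    effect    = "Allow"
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["${local.log_group_arn}:*"]
  }

  # Optional integration: exactly the actions an SQS event source mapping needs,
  # on exactly one queue. Emitted only when queue_arn is set.
  dynamic "statement" {
    for_each = var.queue_arn == null ? [] : [var.queue_arn]
    content {
      sid       = "SqsEventSource"
      effect    = "Allow"
      actions   = ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"]
      resources = [statement.value]
    }
  }
}

resource "aws_iam_policy" "lambda_execute" {
  name   = var.policy_name
  policy = data.aws_iam_policy_document.lambda_execute.json

  tags = {
    Environment = var.environment
    ManagedBy   = "terraform"
  }
}

# Trust policy: only the Lambda service may assume the execution role.
data "aws_iam_policy_document" "lambda_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "lambda_execute" {
  name               = "${var.policy_name}-role"
  assume_role_policy = data.aws_iam_policy_document.lambda_trust.json
}

resource "aws_iam_role_policy_attachment" "lambda_execute" {
  role       = aws_iam_role.lambda_execute.name
  policy_arn = aws_iam_policy.lambda_execute.arn
}

output "policy_arn" {
  value = aws_iam_policy.lambda_execute.arn
}
```

The two log statements differ on purpose: `logs:CreateLogGroup` targets the group ARN, while stream and event writes need the `:*` suffix for the streams beneath it. Granting `logs:*` on `*` instead would let a compromised function read or delete every log group in the account, which is the kind of over-broad grant the Notes above warn against.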
## Deployment Package Notice
This module is part of the Level 1 AWS License Tier.
To access the full deployment package and source code, subscribe to Archiphire.