Setting up the AWS Lambda role for Amazon Redshift
Creating the role
The AWS Lambda function that Tonic Structural sets up requires an AWS role. The name of this role is set by the following environment setting:
The policy for this role should look like this:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "VisualEditor0",
    "Effect": "Allow",
    "Action": [
      "s3:PutObject",
      "s3:GetObject",
      "s3:ListBucket",
      "sqs:ReceiveMessage",
      "sqs:GetQueueAttributes",
      "sqs:SendMessage",
      "sqs:DeleteMessage",
      "logs:CreateLogGroup",
      "logs:PutLogEvents",
      "logs:CreateLogStream"
    ],
    "Resource": [
      "arn:aws:sqs:*:<aws account id>:tonic-*",
      "arn:aws:s3:::tonic-*",
      "arn:aws:logs:*:*:*"
    ]
  }]
}
The above policy grants the Lambda function the required access to Amazon SQS, Amazon S3, and CloudWatch.
This policy assumes that the S3 buckets and Amazon SQS queues that are used begin with the tonic- prefix.
Enabling Lambda to assume the role
After you create the role, you must allow the Lambda service to assume the role.
Configure the role's trust relationships in AWS IAM to look like the following:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
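The following is an added example, not part of Tonic's documentation. It is a Python check that compares a role's permissions policy and trust policy against the two documents above and reports drift: extra actions, resources outside the tonic- prefix, and trust principals other than Lambda. The account ID 123456789012, the DRIFTED_* samples, and the function names are constructed for illustration.

```python
import json

# Actions copied from the policy on this page; anything else counts as drift.
EXPECTED_ACTIONS = {
    "s3:PutObject", "s3:GetObject", "s3:ListBucket", "sqs:ReceiveMessage",
    "sqs:GetQueueAttributes", "sqs:SendMessage", "sqs:DeleteMessage",
    "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"}
# Constructed sample: a role that drifted from the documented policy.
DRIFTED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["s3:GetObject", "s3:*"],
    "Resource": ["arn:aws:s3:::tonic-*", "arn:aws:s3:::*",
                 "arn:aws:sqs:*:*:tonic-jobs"]}]})
DRIFTED_TRUST = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]})

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def resource_ok(arn, account_id):
    """True when the ARN is no broader than the scoping this page documents."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[:2] != ["arn", "aws"]:
        return False
    service, account, name = parts[2], parts[4], parts[5]
    if service == "sqs":  # queue must be in our account and tonic- prefixed
        return account == account_id and name.startswith("tonic-")
    if service == "s3":   # bucket (and its objects) must be tonic- prefixed
        return name.startswith("tonic-")
    return service == "logs"  # the page leaves CloudWatch Logs unscoped

def audit_role(policy_json, trust_json, account_id):
    """Return a list of findings; an empty list means no drift was found."""
    findings = []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action not in EXPECTED_ACTIONS:
                findings.append(f"unexpected action: {action}")
        for arn in as_list(stmt.get("Resource", [])):
            if not resource_ok(arn, account_id):
                findings.append(f"resource too broad: {arn}")
    for stmt in as_list(json.loads(trust_json)["Statement"]):
        principal = stmt.get("Principal", {})
        if principal == "*" or set(principal) != {"Service"} or \
                as_list(principal["Service"]) != ["lambda.amazonaws.com"]:
            findings.append(f"trust principal is not only Lambda: {principal}")
    return findings
```

Call `audit_role(policy_text, trust_text, account_id)` with the JSON text of the two policy documents. Because the input goes through `json.loads`, a malformed document fails at parse time instead of being audited.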