1. Home
  2. FlexRule Designer
  3. Publishing a Project
  4. Deploy as an AWS Lambda
  5. How to Setup and Retrieve Deployment Configurations for AWS Lambda

How to Setup and Retrieve Deployment Configurations for AWS Lambda

◷ Reading Time: 5 minutes

There are two ways to go about creating/retrieving your Access Key Id and Secret.
1. From the My Security Credentials for Root Users
2. From the Identity and Access Management (IAM) page for IAM Users

You must be logged in to AWS Management Console in order to do this.

Root Users

On the landing page, click on your account name then select My Security Details.

Next, click on the Access keys (access key ID and secret access key) accordion tab to expand. Then click Create New Access Key.

A pop-up message will notify that you have successfully created an Access Key.

Make sure to download the Key File as the Secret Access Key will never be shown in the AWS Management Console.

IAM Users

A Root User is allowed to create IAM users to represent the person or application to interact with AWS.

To know more, check the AWS Identity and Access Management page.

On the AWS Management Console, click on the Services menu (upper left side). From the list of All Services, look for Security, Identity, & Compliance . Underneath it click on IAM.

In order for an IAM User to successfully deploy an AWS Lambda, you will need to create a custom policy. On the Identity and Access Management (IAM) page, click Policies (under the Access management menu) then click Create Policy.

Skip this part if you have already created this policy before.

On the Create Policy page, click on the JSON tab and copy-paste the code below. Replace the {AWS_ACCOUNT_ID} with your AWS account id (found on My Account).

AWS account id found on My Account
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "apigateway:DELETE",
                "apigateway:UpdateRestApiPolicy",
                "apigateway:PUT",
                "apigateway:PATCH",
                "sts:GetAccessKeyInfo",
                "sts:GetCallerIdentity",
                "apigateway:POST",
                "apigateway:GET"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:*:{AWS_ACCOUNT_ID}:function:*"
        }
    ]
}

On the review section of the create Policy, set the name to FlexRule_Lambda_Access.

Now, on the Identity and Access Management (IAM) page again, click Users (under the Access management menu) then click Add user.

Provide User name and set Access type to Programmatic access.

Add appropriate Permissions by selecting Attach existing policies directly and search for: AmazonS3FullAccess, FlexRule_Lambda_Access, AWSLambda_FullAccess

Proceed to the next steps, at the end you will see a Success page that shows the Access Key Id and Secret of the IAM user.

Troubleshoot

If you get any permission errors when deploying,

1. Ensure that you have provided all the necessary permissions to the user.

2. Ensure that you have added your account ID under the policy, FlexRule_Lambda_Access.

Updated on June 3, 2021

Was this article helpful?

Related Articles