Solution! The provided execution role does not have permissions to call CreateNetworkInterface on EC2

If you are trying to attach an AWS Lambda function to a VPC but get the error message:

The provided execution role does not have permissions to call CreateNetworkInterface on EC2

Then you can resolve this by adding a custom Inline Policy to the Lambda execution role under the Permissions tab.

How to fix this problem

Step 1

Under the Lambda you want to adjust, click Permissions and select the role under Execution role.

Click the link to open the role in IAM.

Step 2

Then click Add inline policy.

Step 3

Then click JSON.

Step 4

Now add the JSON below to the text area and click Review policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeNetworkInterfaces",
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeInstances",
        "ec2:AttachNetworkInterface"
      ],
      "Resource": "*"
    }
  ]
}

Step 5

Finally, provide a policy name and click Create policy.
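The same five steps can be carried out from the AWS CLI. The script below is an added example, not part of the original article; it assumes the AWS CLI is installed with credentials that may read the function configuration and write inline role policies, and the default policy name `lambda-vpc-eni-access` is a placeholder.

```bash
#!/usr/bin/env bash
# Added example: Steps 1-5 done with the AWS CLI instead of the console.

# Step 1: put-role-policy needs the bare role name, but Lambda reports the
# role as an ARN that may include a path (e.g. role/service-role/<name>).
role_name_from_arn() {
  case "$1" in
    arn:*:iam::*:role/?*) printf '%s\n' "${1##*/}" ;;
    *) echo "not an IAM role ARN: $1" >&2; return 1 ;;
  esac
}

# Step 4: the policy document from the article, unchanged.
vpc_eni_policy() {
  cat <<'JSON'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeNetworkInterfaces",
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeInstances",
        "ec2:AttachNetworkInterface"
      ],
      "Resource": "*"
    }
  ]
}
JSON
}

# Steps 1-5 for one function. $1 = function name, $2 = inline policy name
# (the default is a placeholder chosen for this example).
attach_vpc_policy() {
  local fn="$1" policy_name="${2:-lambda-vpc-eni-access}" role_arn role_name
  role_arn=$(aws lambda get-function-configuration \
    --function-name "$fn" --query Role --output text) || return 1
  role_name=$(role_name_from_arn "$role_arn") || return 1
  aws iam put-role-policy --role-name "$role_name" \
    --policy-name "$policy_name" \
    --policy-document "$(vpc_eni_policy)" || return 1
  # Read the policy back so the change can be confirmed and recorded.
  aws iam get-role-policy --role-name "$role_name" \
    --policy-name "$policy_name" --query PolicyDocument
}

# Usage: attach_vpc_policy my-function
```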

Conclusion

You will now be able to attach your Lambda to a VPC without the error.

By following the above, you will have resolved the "The provided execution role does not have permissions to call CreateNetworkInterface on EC2" error from before.

Sometimes the above error is seen directly on AWS Lambda itself, where it is shown to you as "lambda the provided execution role does not have permissions to call createnetworkinterface on ec2".

The good news is that the same guide above will resolve all "CreateNetworkInterface on EC2" permission issues.

2 Comments
Joe Bloggs
3 months ago

Thanks Dude