Create IAM Role for Lambda

Overview

In this step, you will create a dedicated IAM Role so that Lambda functions in the Serverless Invoice Scanner system can access AWS services such as Amazon Textract, Amazon Bedrock, Amazon DynamoDB, Amazon S3, and CloudWatch Logs.


Step 1: Access the IAM Console

  1. Open the AWS Management Console in Incognito mode to avoid session conflicts if you’re logged in with multiple accounts.

  2. Search for and select IAM in the search bar.

  3. In the left navigation pane, choose Roles, then click Create role.


Step 2: Configure Role for Lambda

  1. Trusted entity type: select AWS service
  2. Use case: select Lambda

  3. Click Next to proceed.


Step 3: Attach Permissions to the IAM Role

  1. In the Add permissions step, search for and check the following policies:

    • AmazonS3FullAccess
    • AmazonDynamoDBFullAccess
    • AmazonTextractFullAccess
    • AmazonBedrockFullAccess
    • AWSLambdaBasicExecutionRole

  2. Click Next to continue.


Step 4: Name and Finish

  1. Role name: LambdaExecutionRole-AIInvoiceScanner
  2. Description: Role for Lambda to access S3, Textract, Bedrock, DynamoDB, and CloudWatch

  3. Click Create role to finish.

  4. After creation, go to the Roles section in the IAM Console. You will see LambdaExecutionRole-AIInvoiceScanner listed.
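The managed *FullAccess policies attached in Step 3 allow every action of each service on every resource in the account. The following added example (not part of the original workshop) builds the trust policy that Step 2 produces and a narrower permissions policy that could replace the FullAccess policies, then checks it for wildcard actions. The bucket name, table ARN, model ARN and the specific actions listed are assumptions; replace them with what your functions actually call.

```python
import json

# Placeholders (assumptions, not values from the workshop): substitute your own.
BUCKET = "EXAMPLE-INVOICE-BUCKET"
TABLE_ARN = "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/EXAMPLE-INVOICE-TABLE"
MODEL_ARN = "arn:aws:bedrock:REGION::foundation-model/EXAMPLE-MODEL-ID"

def trust_policy():
    """Trust policy equivalent to choosing AWS service -> Lambda in Step 2."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def scoped_policy(bucket=BUCKET, table_arn=TABLE_ARN, model_arn=MODEL_ARN):
    """Permissions narrowed to an assumed action set; adjust to your code."""
    def stmt(sid, actions, resource):
        return {"Sid": sid, "Effect": "Allow",
                "Action": actions, "Resource": resource}
    return {"Version": "2012-10-17", "Statement": [
        stmt("InvoiceObjects", ["s3:GetObject", "s3:PutObject"],
             f"arn:aws:s3:::{bucket}/*"),
        stmt("InvoiceTable",
             ["dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:Query"],
             table_arn),
        # These Textract actions do not support resource-level permissions.
        stmt("ExtractText",
             ["textract:AnalyzeExpense", "textract:DetectDocumentText"], "*"),
        stmt("InvokeModel", ["bedrock:InvokeModel"], model_arn),
        # Same three actions that AWSLambdaBasicExecutionRole grants.
        stmt("WriteLogs", ["logs:CreateLogGroup", "logs:CreateLogStream",
                           "logs:PutLogEvents"], "arn:aws:logs:*:*:*"),
    ]}

def wildcard_actions(policy):
    """Return (Sid, action) pairs whose action contains '*', e.g. 's3:*'."""
    found = []
    for s in policy["Statement"]:
        acts = s["Action"] if isinstance(s["Action"], list) else [s["Action"]]
        found += [(s.get("Sid", ""), a) for a in acts if "*" in a]
    return found

if __name__ == "__main__":
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps(scoped_policy(), indent=2))
    print("wildcard actions:", wildcard_actions(scoped_policy()))
```

The printed permissions document can be pasted into the JSON editor when creating a customer managed policy or an inline policy on the role.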
