How to create Resource based policy?

How to create a Resource based policy statement using Terraform? I have tried using aws_iam_role , aws_lambda_permission and didn’t worked out. Throwing me errors as malformed statements principal is not allowed? Please share a sample code to create a resource based policy statement for aws lambda.

Hi @anvesh.kothapelly,

I’m not familiar with this specific service, but I do know that resource-based policies are usually configured as part of the API that the resource belongs to, rather than as part of the IAM API, and so I would try to find a resource type related to Lambda that seems to be related to access control.

aws_lambda_permission seems to have something to do with granting access to Lambda functions but it seems focused only on dealing with trust policies from other AWS services, and not for arbitrary principals.

The relevant AWS documentation suggests that Lambda does not support arbitrary IAM policy documents for resource-based policies, and instead the Lambda service generates an IAM policy itself based on the higher-level “permissions” abstraction:

You can only update resource-based policies for Lambda resources within the scope of the AddPermission and AddLayerVersionPermission API actions. Currently, you can’t author policies for your Lambda resources in JSON, or use conditions that don’t map to parameters for those actions.

This suggests to me that what you want to achieve is not currently possible and that this “permissions” resource type is the only way to (indirectly) specify a resource-level policy for a Lambda function. You may wish to contact AWS support for confirmation of that, and to share your use-case with them so that they might support it in future. Terraform can typically only support what the underlying API supports.

Thank you @apparentlymart for your inputs.