Create IAM Policies and Roles

Since you are already in the IAM dashboard from the last step, head to Policies now and create one for the execution role.

  1. Create a policy for the execution role

    • First, click Create policy.


    • Select the JSON format, paste the following into the Policy editor and click Next.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "EC2Snapshot",
                "Effect": "Allow",
                "Action": [
                    "ec2:AuthorizeSecurityGroupIngress",
                    "ec2:Describe*",
                    "logs:CreateLogStream",
                    "ec2:CreateSecurityGroup",
                    "ec2:CreateTags",
                    "ec2:CreateSnapshots",
                    "ec2:CreateSnapshot",
                    "ec2:ModifyInstanceAttribute",
                    "ec2:StopInstances",
                    "logs:CreateLogGroup",
                    "logs:PutLogEvents"
                ],
                "Resource": "*"
            }
        ]
    }
    
    • The result should look like this.


    • Name the policy ec2instance-containment-with-forensics-policy, leave the rest unchanged, then click Create policy.


  2. Create the execution role for the Lambda Function

    • Still in the IAM dashboard, head to Roles in the left side panel and select Create role.


    • The default Trusted entity type should be AWS service.
    • Under Service or use case, select Lambda and click Next.


    • Attach the previously created ec2instance-containment-with-forensics-policy and click Next.


    • Name the role ec2instance-containment-with-forensics-role, leave everything else unchanged and click Create role.

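As an added example (not part of this tutorial), the same two steps done from Python with boto3, together with a small check that lists which non-read actions the policy grants on Resource "*" so they can be reviewed before the role is created. The policy and role names are the tutorial's; the trust policy is assumed to be the standard one the console attaches when Lambda is chosen as the trusted service.

```python
import json

# Names from the tutorial; the trust policy is assumed to be what the console
# attaches when "AWS service / Lambda" is picked as the trusted entity.
POLICY_NAME = "ec2instance-containment-with-forensics-policy"
ROLE_NAME = "ec2instance-containment-with-forensics-role"

EXECUTION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "EC2Snapshot", "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:AuthorizeSecurityGroupIngress", "ec2:Describe*",
               "logs:CreateLogStream", "ec2:CreateSecurityGroup", "ec2:CreateTags",
               "ec2:CreateSnapshots", "ec2:CreateSnapshot", "ec2:ModifyInstanceAttribute",
               "ec2:StopInstances", "logs:CreateLogGroup", "logs:PutLogEvents"]}]}

LAMBDA_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}


def _as_list(value):
    # IAM allows a single string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value)


def mutating_actions_on_any_resource(policy):
    """Non-read actions allowed on Resource "*": the least-privilege review points."""
    found = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        for action in _as_list(stmt.get("Action", [])):
            verb = action.split(":", 1)[1]  # "ec2:StopInstances" -> "StopInstances"
            if not verb.startswith(("Describe", "Get", "List")):
                found.append(action)
    return found


def create_role_with_policy(iam):
    """The two console steps through a boto3 IAM client: policy, role, attachment."""
    created = iam.create_policy(PolicyName=POLICY_NAME,
                                PolicyDocument=json.dumps(EXECUTION_POLICY))
    iam.create_role(RoleName=ROLE_NAME,
                    AssumeRolePolicyDocument=json.dumps(LAMBDA_TRUST_POLICY))
    iam.attach_role_policy(RoleName=ROLE_NAME, PolicyArn=created["Policy"]["Arn"])
    return created["Policy"]["Arn"]


if __name__ == "__main__":
    print("Review before creating:", mutating_actions_on_any_resource(EXECUTION_POLICY))
    # import boto3; print(create_role_with_policy(boto3.client("iam")))
```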

Once you are done with that, go to the next step, Create Lambda Function.