Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Creating an IAM Role for the Lambda function

 

You need to create and configure a CloudWatch Events rule to get AWS Security Hub events and forward the events to the CloudWatch Logs. To do that you need to create an IAM role for the Lambada function.

  1. Go to your IAM console (https://console.aws.amazon.com/iam/).
  2. Select Roles from the navigation pane.
  3. If you have an existing role or roles, select the role name that you want to associate with the Lambda function and complete the following steps:

    1. Expand the Policy name and then click Edit policy

    2. Click the JSON tab and then verify that the JSON entry matches the following JSON entry:

  4. If you don't have an existing role, click Create role.
  5. From the list of service or services that use the role, select Lambda.
  6. Click Next: Permissions, and then select an appropriate policy.
  7. Click Next: Review, and then type a role name in the Role name field. If you want, you can type a description in the Role description field.
  8. Click Create role, and then select the new rule that you created.
  9. If you want to add an existing policy, complete the following steps:

    1. Click Attach policies.

    2. Expand the Policy name and then click Edit policy

    3. Click the JSON tab and then verify that the JSON entry matches the following JSON entry:

  10. Click Attach policy.
  11. If you want to add a new policy, complete the following steps:

    1. Click Add inline policy.

    2. Click the JSON tab, and then copy and paste the following JSON entry:

  12. Click Review Policy, and then type a name for the policy.
  13. Click Create policy.
  14. Verify that the role has the trust relationship. Click the Trust relationships tab.
  15. Click Edit trust relationship and verify the following trust relationship:

Related Documentation