On the right menu, locate and click on Policies
Then click on Create Policy
On the Specify Permissions window, choose JSON for our policy editor.
You can also use the Visual Editor to specify permissions, but it is prone to mistakes, so review the result carefully before creating the policy.
Copy the JSON policy below to the clipboard.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:CreateLogGroup",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::YOUR-BUCKET-NAME",
                "arn:aws:s3:::YOUR-BUCKET-NAME/*"
            ]
        }
    ]
}
Replace YOUR-BUCKET-NAME with the actual name of your bucket that you copied earlier.
Click on Next
Enter the policy name as LambdaWatermarkS3
Review the policy permissions and click on Create policy
In the policy list, filter by the name LambdaWatermarkS3 or by the type Customer managed; you should find that the new policy has been created.
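To support the review step above, the following added example (not part of the original tutorial) parses the policy JSON and lists the Allow statements that grant a wildcard action, apply to any resource, or still contain the YOUR-BUCKET-NAME placeholder. The function names review_policy and as_list are hypothetical helpers written for this example.

```python
import json

# The policy from the steps above, still carrying the page's placeholder.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["logs:CreateLogStream", "logs:CreateLogGroup", "logs:PutLogEvents"],
     "Resource": "*"},
    {"Effect": "Allow",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::YOUR-BUCKET-NAME", "arn:aws:s3:::YOUR-BUCKET-NAME/*"]}
  ]
}
""")

def as_list(value):
    """IAM accepts a string or a list for Action and Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)

def review_policy(policy):
    """Return (statement_index, code, detail) findings for Allow statements."""
    findings = []
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:  # e.g. "s3:*" grants every S3 action
                findings.append((i, "WILDCARD_ACTION", action))
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":  # statement is not scoped to any ARN
                findings.append((i, "ANY_RESOURCE", resource))
            elif "YOUR-BUCKET-NAME" in resource:  # placeholder never replaced
                findings.append((i, "PLACEHOLDER_LEFT", resource))
    return findings

if __name__ == "__main__":
    for index, code, detail in review_policy(POLICY):
        print(f"Statement[{index}] {code}: {detail}")
```

Each finding is a prompt to decide whether the grant is needed: the S3 statement can be narrowed to the object actions the function actually calls, and the logs statement can be scoped to the function's own log group ARN.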
Next, let’s create an IAM Role and attach this policy.