The first thing we should talk about is execution policies. These policies are attached to a service-linked role and define what AWS resources can be accessed by that role. The policy itself follows the same syntax as an IAM policy and works the same way. When creating a Lambda function, you're given a choice of attaching an existing IAM role or creating a new one. You can always modify the configuration to use a different role after creating the function, if you like.

When attaching a role to a Lambda function, we are defining exactly what AWS resources the function code has access to while it is running. To see an example of an execution policy, we need to create a role.

To create an execution role, perform the following ...