Create IAM role

On the AWS Console page, click on the IAM link under the Security, Identity & Compliance section (or search for IAM).

Create role

On the IAM Page, click on the Roles menu item in the left.

On the roles page, click on the Create role button.

On the next screen, select Lambda as the service which will use this role and then click on the Next: Permissions button.

Create role

On the permission page, search for the AmazonSSMReadOnlyAccess role and select it. You are providing this role, read only access to AWS System Manager in order to fetch the parameters from the parameter stores. Click on the Next: Review button.

Create role

On the review page, enter a suitable role name, for example DojoLambdaRole and then click on the Create Role button.

Create role

The role is created. Please remember this role name because you will need this information later in the exercises.