'Check IAM permissions of caller in AWS Lambda

I have dozens of services each requiring access to their corresponding secret in AWS Secrets Manager. I have implemented a solution of granular permissions to IAM roles of services so that each can access only their credentials. This creates neatly a least access pattern to services.

I want to implement an AWS Lambda to abstract away access to Secrets Manager secrets. If I have only one Lambda (per environment), how can I check that the IAM role invoking the lambda has permissions to access a particular secret? So to exclude the case of a service requesting access to another service's credentials.

I can always create one lambda per service and assign permissions to each service to only invoke their lambda (which only accesses the corresponding secret), but this seems quite inelegant...

aws-lambdaaws-secrets-managertime-seriesimbalanced-datasmote


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function