diff --git a/samtranslator/model/sam_resources.py b/samtranslator/model/sam_resources.py
index 695878d26..def93c02e 100644
--- a/samtranslator/model/sam_resources.py
+++ b/samtranslator/model/sam_resources.py
@@ -198,6 +198,10 @@ def _construct_role(self, managed_policy_map):
 managed_policy_arns = [ArnGenerator.generate_aws_managed_policy_arn('service-role/AWSLambdaBasicExecutionRole')]
 if self.Tracing:
 managed_policy_arns.append(ArnGenerator.generate_aws_managed_policy_arn('AWSXrayWriteOnlyAccess'))
+ if self.VpcConfig:
+ managed_policy_arns.append(
+ ArnGenerator.generate_aws_managed_policy_arn('service-role/AWSLambdaVPCAccessExecutionRole')
+ )
 function_policies = FunctionPolicies({"Policies": self.Policies},
 # No support for policy templates in the "core"
diff --git a/tests/translator/output/aws-cn/globals_for_function.json b/tests/translator/output/aws-cn/globals_for_function.json
index 59bd1987a..863f3c0e4 100644
--- a/tests/translator/output/aws-cn/globals_for_function.json
+++ b/tests/translator/output/aws-cn/globals_for_function.json
@@ -4,8 +4,9 @@
 "Type": "AWS::IAM::Role",
 "Properties": {
 "ManagedPolicyArns": [
- "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
- "arn:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess"
+ "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
+ "arn:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess",
+ "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
 ],
 "Tags": [
 {
@@ -105,8 +106,9 @@
 "Type": "AWS::IAM::Role",
 "Properties": {
 "ManagedPolicyArns": [
- "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
- "arn:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess"
+ "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
+ "arn:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess",
+ "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
 ],
 "Tags": [
 {
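Review bot: The added `if self.VpcConfig:` in `_construct_role` is a plain truthiness test, so any non-empty value attaches `service-role/AWSLambdaVPCAccessExecutionRole` to the generated role; if the property can carry an intrinsic (for example an `Fn::If` that resolves to `AWS::NoValue`), the policy would be attached even when the function ends up with no VPC configuration at deploy time. That managed policy carries EC2 network-interface permissions, so the role would then be broader than the function needs; the intent should be stated next to the check, e.g. `# Attached whenever VpcConfig is present (even as an intrinsic): VPC functions need ENI permissions on the execution role`. The updated fixtures only show the case where Tracing is set as well, so a template with VpcConfig alone and one without it would pin both branches. `_construct_role` starts and ends outside the hunk, so whether the same ARN listed by the user under `Policies` is de-duplicated cannot be seen here.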
diff --git a/tests/translator/output/aws-us-gov/globals_for_function.json b/tests/translator/output/aws-us-gov/globals_for_function.json
index 01488e250..e0155b637 100644
--- a/tests/translator/output/aws-us-gov/globals_for_function.json
+++ b/tests/translator/output/aws-us-gov/globals_for_function.json
@@ -5,7 +5,8 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
- "arn:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess"
+ "arn:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess",
+ "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
 ],
 "PermissionsBoundary": "arn:aws:1234:iam:boundary/OverridePermissionsBoundary",
 "Tags": [
@@ -106,7 +107,8 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
- "arn:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess"
+ "arn:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess",
+ "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
 ],
 "PermissionsBoundary": "arn:aws:1234:iam:boundary/CustomerCreatedPermissionsBoundary",
 "Tags": [
diff --git a/tests/translator/output/globals_for_function.json b/tests/translator/output/globals_for_function.json
index 4c48fba38..47d1342fa 100644
--- a/tests/translator/output/globals_for_function.json
+++ b/tests/translator/output/globals_for_function.json
@@ -5,7 +5,8 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
- "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess"
+ "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess",
+ "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
 ],
 "PermissionsBoundary": "arn:aws:1234:iam:boundary/OverridePermissionsBoundary",
 "Tags": [
@@ -106,7 +107,8 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
- "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess"
+ "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess",
+ "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
 ],
 "PermissionsBoundary": "arn:aws:1234:iam:boundary/CustomerCreatedPermissionsBoundary",
 "Tags": [