In account 1, sign in to the AWS Management Console as an IAM user or role in that account, and open the IAM console at https://console.aws.amazon.com/iam/
Click Roles on the left, then click Create role
AWS service is pre-selected as the trusted entity; select Lambda, then click Next: Permissions
Do not select any managed policies; click Next: Tags
Click Next: Review
Enter Lambda-List-S3-Role for the Role name, then click Create role
From the list of roles, click the name Lambda-List-S3-Role
Click Add inline policy, then click the JSON tab
Replace the sample JSON with the policy document below
Replace account1 with the 12-digit AWS account number (no dashes) of account 1
Replace bucketname with the name of the S3 bucket in account 2
Then click Review policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "S3ListBucket",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::bucketname"
    },
    {
      "Sid": "logsstreamevent",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:us-east-1:account1:log-group:/aws/lambda/Lambda-List-S3*/*"
    },
    {
      "Sid": "logsgroup",
      "Effect": "Allow",
      "Action": "logs:CreateLogGroup",
      "Resource": "*"
    }
  ]
}
Name this policy Lambda-List-S3-Policy, then click Create policy
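As an added example (not part of the original walkthrough), the following Python renders the inline policy above from the two values the steps tell you to substitute, validating them first, and then runs a small least-privilege check over the resulting document so a mistyped wildcard is caught before the policy is pasted into the console. The region parameter is an assumption added here so the logs ARN can be matched to wherever the function actually runs.

```python
import re

# Added example, not the walkthrough's own code. It fills in the account1 and
# bucketname placeholders of Lambda-List-S3-Policy and then lints the result.

ACCOUNT_RE = re.compile(r"^\d{12}$")                            # 12 digits, no dashes
BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")   # S3 bucket naming rules (simplified)


def render_policy(account1, bucketname, region="us-east-1"):
    """Return the Lambda-List-S3-Policy document with both placeholders filled in."""
    if not ACCOUNT_RE.match(account1):
        raise ValueError("account1 must be the 12-digit account number without dashes")
    if not BUCKET_RE.match(bucketname):
        raise ValueError("bucketname does not look like a valid S3 bucket name")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "S3ListBucket", "Effect": "Allow",
             "Action": ["s3:ListBucket"],
             "Resource": f"arn:aws:s3:::{bucketname}"},
            {"Sid": "logsstreamevent", "Effect": "Allow",
             "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
             "Resource": f"arn:aws:logs:{region}:{account1}:log-group:/aws/lambda/Lambda-List-S3*/*"},
            # The walkthrough's policy grants CreateLogGroup on "*"; the lint below
            # tolerates that for logs: actions only and flags any other "*" resource.
            {"Sid": "logsgroup", "Effect": "Allow",
             "Action": "logs:CreateLogGroup", "Resource": "*"},
        ],
    }


def review_policy(policy):
    """Return findings (empty list means the document matches the intended scope)."""
    findings = []
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"{stmt['Sid']}: wildcard action")
        if "*" in resources and not all(a.startswith("logs:") for a in actions):
            findings.append(f"{stmt['Sid']}: wildcard resource on a non-logging action")
        if any(a.startswith("s3:") for a in actions) and any("*" in r for r in resources):
            findings.append(f"{stmt['Sid']}: S3 statement is not pinned to one bucket")
    return findings
```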