McAfee MVISION Cloud

Before you Begin: Lambda Prerequisites

Before you use Lambda to create custom rules, update the IAM role that grants MVISION Cloud permissions, and update the role's trust relationship so that MVISION Cloud can assume a role in your S3 buckets.

Update IAM Role

Copy and paste the following JSON to update the IAM role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1510661968000",
            "Effect": "Allow",
            "Action": [
                "lambda:CreateFunction",
                "lambda:DeleteFunction",
                "lambda:GetFunction",
                "lambda:GetFunctionConfiguration",
                "lambda:InvokeFunction",
                "lambda:ListFunctions",
                "lambda:UpdateFunctionCode",
                "lambda:UpdateFunctionConfiguration",
                "iam:PassRole"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

 

Edit Trust Relationship

Invoking functions in Lambda and uploading scripts requires additional permissions to be assigned to the MVISION Cloud role in IAM.

  1. Navigate to IAM and create a new policy called SHN_Lambda.
  2. Copy and paste the following JSON to edit the trust relationship.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::522462218264:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "997131"
        }
      }
    }
  ]
}
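
The permissions policy above allows `iam:PassRole` on `"Resource": "*"`, and the trust policy relies on `sts:ExternalId` for the cross-account principal. The following is an added example, not McAfee's code: a review check (function names are hypothetical) that flags `iam:PassRole` granted on every role without an `iam:PassedToService` condition, and lists cross-account principals that can assume the role without an external ID.

```python
import json

# Both documents are copied from this page; the Action list is shortened for space.
PERMISSIONS = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "Stmt1510661968000", "Effect": "Allow",
   "Action": ["lambda:CreateFunction", "lambda:InvokeFunction", "iam:PassRole"],
   "Resource": ["*"]}]}""")
TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
   "Action": "sts:AssumeRole"},
  {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::522462218264:root"},
   "Action": "sts:AssumeRole",
   "Condition": {"StringEquals": {"sts:ExternalId": "997131"}}}]}""")

def as_list(value):
    """IAM accepts either a string or a list for Action, Resource and Principal."""
    return value if isinstance(value, list) else [value]

def has_condition_key(stmt, key):
    """True if any condition operator in the statement tests `key` (case-insensitive)."""
    return any(key.lower() == k.lower()
               for keys in stmt.get("Condition", {}).values() for k in keys)

def unscoped_passrole(policy):
    """Sids of Allow statements granting iam:PassRole on '*' with no service scoping."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        # Only exact matches are checked; patterns such as iam:Pass* are out of scope.
        grants = any(a in ("iam:passrole", "iam:*", "*") for a in actions)
        wildcard = "*" in as_list(stmt.get("Resource", []))
        scoped = has_condition_key(stmt, "iam:PassedToService")
        if stmt.get("Effect") == "Allow" and grants and wildcard and not scoped:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

def cross_account_without_external_id(policy):
    """AWS principals allowed to assume the role with no sts:ExternalId condition."""
    missing = []
    for stmt in as_list(policy["Statement"]):
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if not has_condition_key(stmt, "sts:ExternalId"):
            missing += as_list(principal.get("AWS", []))
    return missing

if __name__ == "__main__":
    print(unscoped_passrole(PERMISSIONS), cross_account_without_external_id(TRUST))
```

Run against the page's documents, the first check reports statement `Stmt1510661968000` and the second reports nothing, because the cross-account statement carries the external ID condition.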