I have created a lambda function in AWS for the purpose of accessing resources based on a lookup.
For example: I want to query a dynamoDB table FOO_BAR for a customer FOO via the API Gateway.
The request comes in, I identify its table FOO that's required and I want to be able to apply a policy to my current lambda function/session that will grant access to the FOO_BAR table.
My problem is: for the lambda function to be able to query table FOO_BAR, the execution role configured when creating the lambda function needs to have read access and I don't want to grant any wild card access to this role.
The API used goes through a custom authorizer and here I have applied a policy to access the APIs; I was also hoping that I could get my lambda function to also inherit the policy generated by the custom Authorizer.
Can you dynamically grant permissions to a lambda function to access resources?
Thanks!