Iorad
Below is an embedded iorad tutorial...
Shows how to use the visual editor in the AWS console to add permissions to the default Lambda execution role so that it can read secrets from the Parameter Store.
Here's an interactive tutorial
13 STEPS
1. Click on your AWS execution role link
2. On the role detail view, click Add inline policy
3. In Select a service, click Service
4. In the service input, type some or all of Systems Manager
5. Click the Systems Manager link
6. Scroll down to Actions, then expand Read
7. Check these 4 permission checkboxes:
GetParameter
GetParameterHistory
GetParameters
GetParametersByPath
8. Click to expand the Resources accordion
9. Check Any in this account. This will ensure that your policy has read access to any parameter in the Parameter Store.
10. Click Review policy
11. Specify a name, e.g. read_any_stored_secret_from_parameter_store
12. Click Create policy
13. Confirm that the new policy is added to your role's permissions policies.
https://www.iorad.com/player/1752320/How-to-add-an-inline-policy-to-an-aws-role
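
The policy document that steps 3 to 12 produce, next to a narrower one, as an added example that is not part of the original tutorial. It compares which parameters each Resource pattern covers. The account id, region, path prefix my-function and parameter names are constructed placeholders; the ARN form written for "Any in this account" is an assumption; the check looks only at Resource matching, not at full IAM evaluation.

```python
import json
from fnmatch import fnmatchcase

# The four Read actions ticked in step 7.
READ_ACTIONS = ["ssm:GetParameter", "ssm:GetParameterHistory",
                "ssm:GetParameters", "ssm:GetParametersByPath"]

ACCOUNT_ID = "123456789012"  # constructed placeholder account id


def build_policy(resource_arn):
    """Return an inline policy granting the step 7 actions on one ARN pattern."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": READ_ACTIONS,
            "Resource": resource_arn,
        }],
    }


def parameter_arn(region, name):
    """ARN of a parameter; a leading '/' in the name merges with 'parameter/'."""
    return f"arn:aws:ssm:{region}:{ACCOUNT_ID}:parameter/{name.lstrip('/')}"


def readable(policy, region, names):
    """List the names whose ARN matches an Allow statement's Resource pattern."""
    patterns = [s["Resource"] for s in policy["Statement"] if s["Effect"] == "Allow"]
    return [n for n in names
            if any(fnmatchcase(parameter_arn(region, n), p) for p in patterns)]


# Step 9, "Any in this account" (assumed ARN form written by the visual editor).
ANY_IN_ACCOUNT = build_policy(f"arn:aws:ssm:*:{ACCOUNT_ID}:parameter/*")
# Narrower alternative: one region and one hypothetical path prefix.
SCOPED = build_policy(f"arn:aws:ssm:eu-west-1:{ACCOUNT_ID}:parameter/my-function/*")

# Constructed sample parameter names.
SAMPLE = ["/my-function/db-password", "/billing/stripe-key", "/my-function-admin/token"]

if __name__ == "__main__":
    print(json.dumps(SCOPED, indent=2))
    print("any in account:", readable(ANY_IN_ACCOUNT, "eu-west-1", SAMPLE))
    print("scoped:        ", readable(SCOPED, "eu-west-1", SAMPLE))
```

The trailing slash in the scoped prefix matters: without it, my-function* would also cover /my-function-admin/token.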