Iorad

Below is an embedded iorad tutorial...

Shows how to use the visual editor in the AWS console to add permissions to the default Lambda execution role so that it can read secrets from the Parameter Store.

13 STEPS

1. Click on your AWS execution role link

2. On the role detail view, click Add inline policy

3. In Select a service, click Service

4. In the service input, type some or all of Systems Manager

5. Click the Systems Manager link

6. Scroll down to Actions, then expand Read

7. Check these 4 permission checkboxes:
   - GetParameter
   - GetParameterHistory
   - GetParameters
   - GetParametersByPath

8. Click to expand the Resources accordion

9. Check Any in this account. This gives the policy read access to every parameter in the Parameter Store in this account.

10. Click Review policy

11. Specify a name, e.g. read_any_stored_secret_from_parameter_store

12. Click Create policy

13. Confirm that the new policy is added to your role's permissions policies. 
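
The inline policy these steps produce can be checked and narrowed in code. This is an added example, not part of the original tutorial: the sample document, its Sid, the placeholder account ID 123456789012 and the path /myapp/prod are constructed assumptions. It flags statements that let the four read actions reach every parameter and rewrites them to cover a single parameter path.

```python
import copy
from fnmatch import fnmatchcase

READ_ACTIONS = ["ssm:getparameter", "ssm:getparameterhistory",
                "ssm:getparameters", "ssm:getparametersbypath"]

# Constructed sample of the policy the steps above produce; the Sid and the
# placeholder account ID 123456789012 are assumptions.
CONSOLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": ["ssm:GetParameter", "ssm:GetParameterHistory",
                   "ssm:GetParameters", "ssm:GetParametersByPath"],
        "Resource": "arn:aws:ssm:*:123456789012:parameter/*",
    }],
}

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource."""
    return list(value) if isinstance(value, list) else [value]

def _broad_resources(stmt):
    """Resources in an Allow statement that expose every parameter to a read action."""
    if stmt.get("Effect") != "Allow":
        return []
    patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
    if not any(fnmatchcase(r, p) for r in READ_ACTIONS for p in patterns):
        return []
    return [r for r in _as_list(stmt.get("Resource", []))
            if r == "*" or r.endswith(":parameter/*")]

def broad_parameter_grants(policy):
    """Return (sid, resource) pairs for statements that can read all parameters."""
    return [(s.get("Sid"), r) for s in _as_list(policy["Statement"])
            for r in _broad_resources(s)]

def scope_to_path(policy, region, account_id, path):
    """Return a copy whose broad statements only cover one parameter path."""
    base = f"arn:aws:ssm:{region}:{account_id}:parameter/{path.strip('/')}"
    scoped = copy.deepcopy(policy)
    scoped["Statement"] = _as_list(scoped["Statement"])
    for stmt in scoped["Statement"]:
        if _broad_resources(stmt):
            stmt["Resource"] = [base, base + "/*"]  # the path and what is under it
    return scoped
```

The scoped document can be pasted into the JSON tab of the same inline policy editor in place of the Any in this account selection from step 9.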

Here's an interactive tutorial

https://www.iorad.com/player/1752320/How-to-add-an-inline-policy-to-an-aws-role