===== IAM =====

The IAM role will be used to give our Lambda function permission to write to the SQS queue.
The role gets its permissions from a Policy.

Go to Security, Identity & Compliance - IAM.

Click "Policies"
  * Create policy
  * JSON

Enter the following, replacing the queue ARN(s) with your value(s):

<code>
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "sqs:GetQueueUrl",
                "logs:CreateLogStream",
                "sqs:SendMessage",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "arn:aws:sqs:Region:ID:QueueName1",
                "arn:aws:sqs:Region:ID:QueueName2",
                "arn:aws:logs:*:*:*"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "logs:CreateLogGroup",
            "Resource": "arn:aws:logs:*:*:*"
        }
    ]
}
</code>

Click Review policy
  * Name: caliper_store
  * Create policy


Click "Roles"
  * Create role
  * Next: Permissions
  * Search for "caliper_store" and select it
  * Next: Review

Role name: caliper_store

Create Role