Comments (8)
The plugin doesn't support working with the role
property. You have the following in your provider sections: role: arn-for-deployment-role'
. Try removing this.
More info here: https://github.com/functionalone/serverless-iam-roles-per-function#more-info
from serverless-iam-roles-per-function.
Thanks for reporting this. I haven't managed to reproduce this with the yaml file you provided.
Are you able to deploy when using the same setup without the plugin (with a global role defined in the top level)?
from serverless-iam-roles-per-function.
Yes I was able to deploy when removing the plugin and defining a global role within provider
section instead.
I tried with a new serverless project that follows the same format (two functions, each with iamRoleStatements
field, iamRoleStatements
field within provider
, defaultInherit
set to true within custom
, and including the two additional plugins). Deploying that worked without any error, so I'll close this issue because it probably had something to do with my code and not this library.
Here are the relevant files for this new project I started to test with:
serverless.yml:
service: example-role-per-function
custom:
serverless-iam-roles-per-function:
defaultInherit: true
provider:
name: aws
runtime: nodejs6.10
iamRoleStatements:
- Effect: "Allow"
Action:
- xray:PutTelemetryRecords
- xray:PutTraceSegments
Resource: "*"
plugins:
- serverless-webpack
- serverless-prune-plugin
- serverless-iam-roles-per-function
functions:
hello:
handler: handler.hello
iamRoleStatements:
- Effect: "Allow"
Action:
- s3:PutObject
Resource: "arn:aws:s3:::my-bucket/*"
hello2:
handler: handler.hello2
iamRoleStatements:
- Effect: "Allow"
Action:
- s3:GetObject
Resource: "arn:aws:s3:::my-bucket/*"
package.json:
{
"name": "example-role-per-function",
"version": "1.0.0",
"description": "",
"main": "handler.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [],
"author": "",
"license": "ISC",
"devDependencies": {
"babel-core": "^6.26.3",
"babel-loader": "^7.1.4",
"serverless-iam-roles-per-function": "^0.1.5",
"serverless-prune-plugin": "^1.3.0",
"serverless-webpack": "^5.1.5",
"webpack": "^4.8.1",
"webpack-node-externals": "^1.7.2"
}
}
handler.js:
'use strict';
module.exports.hello = (event, context, callback) => {
const response = {
statusCode: 200,
body: JSON.stringify({
message: 'Go Serverless v1.0! Your function executed successfully!',
input: event,
}),
};
callback(null, response);
};
module.exports.hello2 = (event, context, callback) => {
const response = {
statusCode: 200,
body: JSON.stringify({
message: 'Gooooooooo Serverless v1.0! Your function executed successfully!',
input: event,
}),
};
callback(null, response);
};
webpack.config.js:
const slsw = require("serverless-webpack");
const nodeExternals = require("webpack-node-externals");
module.exports = {
entry: slsw.lib.entries,
target: "node",
// Generate sourcemaps for proper error messages
devtool: 'source-map',
// Since 'aws-sdk' is not compatible with webpack,
// we exclude all node dependencies
externals: [nodeExternals()],
mode: slsw.lib.webpack.isLocal ? "development" : "production",
optimization: {
// We no not want to minimize our code.
minimize: false
},
performance: {
// Turn off size warnings for entry points
hints: false
},
// Run babel on all .js files and skip those in node_modules
module: {
rules: [
{
test: /\.js$/,
loader: "babel-loader",
include: __dirname,
exclude: /node_modules/
}
]
}
};
from serverless-iam-roles-per-function.
Thanks for the update. If you do manage to figure out what setup was causing this error, feel free to update this issue or open a new one.
from serverless-iam-roles-per-function.
@glicht I am facing the above issue. Tried @PatNeedham approach but still received same error.
from serverless-iam-roles-per-function.
@ankkho I can try to help but this is a weird one as it didn't reproduce. Please post your yaml file and the full output you receive when running sls deploy
.
from serverless-iam-roles-per-function.
@glicht Below is my serverless.yml and error log output.
serverless.yml
service: service-name
provider:
name: aws
runtime: nodejs8.10
stage: staging
profile: some-profile-name
region: ap-south-1 #Mumbai
memorySize: 128
timeout: 60
cfLogs: true
tracing: true
role: arn-for-deployment-role'
iamRoleStatements:
- Effect: "Allow"
Action:
- xray:PutTelemetryRecords
- xray:PutTraceSegments
Resource: "*"
deploymentBucket:
serverSideEncryption: AES256
vpc:
securityGroupIds:
- VPCSecurityGroupArn
subnetIds:
- PrivateSubnetA_Arn
- PrivateSubnetB_Arn
package:
individually: false
exclude:
- ./node_modules/**
- ./scripts/**
- ./test/**/**
- ./.eslintrc.json
- ./.gitlab-ci.yml
- ./testSchema.js
- ./cf-table-resource.json
- ./aws/tmp/**
include:
- ./meta.json
plugins:
- serverless-plugin-tracing
- serverless-prune-plugin
- serverless-plugin-scripts
- serverless-webpack
- serverless-dynamodb-local
- serverless-plugin-warmup
- serverless-offline
- serverless-iam-roles-per-function
custom:
serverless-iam-roles-per-function:
defaultInherit: true
functions:
functionA:
warmup: false
handler: handler.functionA
iamRoleStatements:
- Effect: "Allow"
Action:
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:BatchWriteItem
Resource: "arn:aws:dynamodb:ap-south-1:*:table/table-name"
Error Output from sls deploy
:
Type Error ---------------------------------------------
Cannot read property 'Properties' of undefined
For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.
Stack Trace --------------------------------------------
TypeError: Cannot read property 'Properties' of undefined
at ServerlessIamPerFunctionPlugin.createRoleForFunction (/Users/Ankit/projects/personal/sample-project/node_modules/serverless-iam-roles-per-function/src/lib/index.ts:186:21)
at ServerlessIamPerFunctionPlugin.createRolesPerFunction (/Users/Ankit/projects/personal/sample-project/node_modules/serverless-iam-roles-per-function/src/lib/index.ts:266:12)
at BbPromise.reduce (/Users/Ankit/.nvm-fish/v8.10.0/lib/node_modules/serverless/lib/classes/PluginManager.js:391:55)
From previous event:
at PluginManager.invoke (/Users/Ankit/.nvm-fish/v8.10.0/lib/node_modules/serverless/lib/classes/PluginManager.js:391:22)
at PluginManager.spawn (/Users/Ankit/.nvm-fish/v8.10.0/lib/node_modules/serverless/lib/classes/PluginManager.js:409:17)
at Deploy.BbPromise.bind.then (/Users/Ankit/.nvm-fish/v8.10.0/lib/node_modules/serverless/lib/plugins/deploy/deploy.js:117:50)
From previous event:
at Object.before:deploy:deploy [as hook] (/Users/Ankit/.nvm-fish/v8.10.0/lib/node_modules/serverless/lib/plugins/deploy/deploy.js:107:10)
at BbPromise.reduce (/Users/Ankit/.nvm-fish/v8.10.0/lib/node_modules/serverless/lib/classes/PluginManager.js:391:55)
From previous event:
at PluginManager.invoke (/Users/Ankit/.nvm-fish/v8.10.0/lib/node_modules/serverless/lib/classes/PluginManager.js:391:22)
at PluginManager.run (/Users/Ankit/.nvm-fish/v8.10.0/lib/node_modules/serverless/lib/classes/PluginManager.js:422:17)
at variables.populateService.then.then (/Users/Ankit/.nvm-fish/v8.10.0/lib/node_modules/serverless/lib/Serverless.js:157:33)
at runCallback (timers.js:794:20)
at tryOnImmediate (timers.js:752:5)
at processImmediate [as _immediateCallback] (timers.js:729:5)
From previous event:
at Serverless.run (/Users/Ankit/.nvm-fish/v8.10.0/lib/node_modules/serverless/lib/Serverless.js:144:8)
at serverless.init.then (/Users/Ankit/.nvm-fish/v8.10.0/lib/node_modules/serverless/bin/serverless:44:28)
at <anonymous>
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com
Your Environment Information -----------------------------
OS: darwin
Node Version: 8.10.0
Serverless Version: 1.35.1
from serverless-iam-roles-per-function.
@glicht My bad! I've removed role: arn-for-deployment-role
it's working, Thanks!
from serverless-iam-roles-per-function.
Related Issues (20)
- Global Role Name is not in expected format HOT 1
- Adding disableLogs: true to lambda config makes plugin throw an error HOT 3
- Allow tagging the IAM role
- Aws Lambda is not authorized to perform: SNS:Publish on resource: +358
- How can we acheive IAM path per function? HOT 2
- Is it possible to attach managed policy? HOT 3
- The plugin serverless-iam-roles-per-function isn't being recognized HOT 1
- Define iamGlobalPermissionsBoundary in the .yml?
- Typescript definitions? HOT 3
- Configuration error: at 'provider.iam.role.statements.1.Action.0': must be string HOT 1
- Conform to SLS v3 `iam` format? HOT 1
- Throws error when using 'disableLogs' on functions
- iamGlobalPermissionsBoundary is required, but not read HOT 1
- Deprecation warning: provider.iamRoleStatements" -> "provider.iam.role.statements HOT 5
- defaultInherit does not work HOT 4
- auto-generated role name too long, but managing manual role names too brittle HOT 2
- Role inheritance seems broken with provider.iam.role.statements HOT 2
- Overides iamManagedPolicies even with iamRoleStatementsInherit flag HOT 4
- Serverless Framework v3: integrating with the new design HOT 1
- Fine grained access control using leading keys in dynamo
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from serverless-iam-roles-per-function.