Comments (7)
Ok. Thanks for the clarification. I think this can be fixed easily. Will check this out soon.
from serverless-iam-roles-per-function.
@buggy thanks for the workaround suggestion. Anyway, I just published a new version (0.1.9) which should fix this issue.
from serverless-iam-roles-per-function.
Hi @jogold ,
The second function should be getting its own iam role as it has an iamRoleStatements defined. The role will only include the permissions defined as part of iamRoleStatements clause and also permission to write to its cloudwatch logs group. It will not include vpc permissions, as the function doesn't have vpc settings defined.
Hope this makes sense. If you are still having issues run the following:
serverless package
Then include in the bug the full serverless.yml
file and the file: .serverless/cloudformation-template-update-stack.json
from serverless-iam-roles-per-function.
I just read your description again. I think I might have mis-understood your issue. If I understand correctly you want the plugin to create a per function role for the first and third function even though there are no specific permissions defined in iamRoleStatements. The issue is not with the second function but with the first and third not receiving a per function role when using iamRoleStatements: []
. Am I correct?
from serverless-iam-roles-per-function.
Hi @glicht,
Yes, the issue is with the first and third function not receiving a per function role and the fact that even when using iamRoleStatements: []
it doesn't work.
from serverless-iam-roles-per-function.
I think something like this should do the trick
custom:
defaultIamRoleStatements: &defaultIamRoleStatements
# Put your default IAM statements here
functions:
firstFunction:
handler: functions/firstFunction.handler
iamRoleStatements:
<<: *defaultIamRoleStatements
secondFunction:
handler: functions/secondFunction.handler
iamRoleStatements:
- Effect: Allow
Action: sns:Publish
Resource: '*'
thirdFunction:
handler: functions/thirdFunction.handler
iamRoleStatements:
<<: *defaultIamRoleStatements
vpc:
securityGroupIds:
- sg-xxxxxx
subnetIds:
- subnet-xxxx
- subnet-xxxxx
from serverless-iam-roles-per-function.
Thanks @glicht!
from serverless-iam-roles-per-function.
Related Issues (20)
- Global Role Name is not in expected format HOT 1
- Adding disableLogs: true to lambda config makes plugin throw an error HOT 3
- Allow tagging the IAM role
- Aws Lambda is not authorized to perform: SNS:Publish on resource: +358
- How can we acheive IAM path per function? HOT 2
- Is it possible to attach managed policy? HOT 3
- The plugin serverless-iam-roles-per-function isn't being recognized HOT 1
- Define iamGlobalPermissionsBoundary in the .yml?
- Typescript definitions? HOT 3
- Configuration error: at 'provider.iam.role.statements.1.Action.0': must be string HOT 1
- Conform to SLS v3 `iam` format? HOT 1
- Throws error when using 'disableLogs' on functions
- iamGlobalPermissionsBoundary is required, but not read HOT 1
- Deprecation warning: provider.iamRoleStatements" -> "provider.iam.role.statements HOT 5
- defaultInherit does not work HOT 4
- auto-generated role name too long, but managing manual role names too brittle HOT 2
- Role inheritance seems broken with provider.iam.role.statements HOT 2
- Overides iamManagedPolicies even with iamRoleStatementsInherit flag HOT 4
- Serverless Framework v3: integrating with the new design HOT 1
- Fine grained access control using leading keys in dynamo
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from serverless-iam-roles-per-function.