Comments (5)
I just found that it is doing the same if I use the classic iamRoleStatements in the main provider. Is It an serverless issue or we cannot do what I want to do ? (I was using before an role that I created manually)
from serverless-iam-roles-per-function.
Not sure I fully understand your issue. If you can provide reference to a simple demo project, I think it can help. Anyway, as it sounds like an issue which is also relevant for provider level statements, it is probably best to try to bring this up with the serverless framework.
from serverless-iam-roles-per-function.
@glicht Thanks ! I will try to ask on the serverless community too, it is maybe a missunderstanding of myself :
service: serverless-function
provider:
name: aws
runtime: python3.6
region: us-east-1
cfLogs: true
functions:
post:
handler: handler.post
memorySize: 512
timeout: 60
iamRoleStatements:
- Effect: "Allow"
Action:
- lambda:InvokeFunction
Resource:
- arn:aws:lambda:us-east-1:###
- arn:aws:lambda:eu-west-1:###
If I am using this code above or below :
service: serverless-function
provider:
name: aws
runtime: python3.6
stage: prod
region: us-east-1
iamRoleStatements:
- Effect: "Allow"
Resource:
- arn:aws:lambda:us-east-1:###
- arn:aws:lambda:eu-west-1:###
Action:
- "lambda:InvokeFunction"
Both the final ARN on the AWS IAM will become arn:aws:lambda:us-east-1:### and arn:aws:lambda:us-east-1:### because the function is in the region us-east-1, how can we have ARNS from differents regions of the actual region of the function ? I can see that the cloud formation template automatically replace the regions with {AWS::Region}. But can we disable this ?
Thanks !
from serverless-iam-roles-per-function.
Are you using the plugin: serverless-pseudo-parameters
? If so, i think that plugin does this replacement of region automatically.
from serverless-iam-roles-per-function.
@glicht Oh yes you were right, my issue was coming from this plugin... Thanks a lot for your time and your plugin !
from serverless-iam-roles-per-function.
Related Issues (20)
- Global Role Name is not in expected format HOT 1
- Adding disableLogs: true to lambda config makes plugin throw an error HOT 3
- Allow tagging the IAM role
- Aws Lambda is not authorized to perform: SNS:Publish on resource: +358
- How can we acheive IAM path per function? HOT 2
- Is it possible to attach managed policy? HOT 3
- The plugin serverless-iam-roles-per-function isn't being recognized HOT 1
- Define iamGlobalPermissionsBoundary in the .yml?
- Typescript definitions? HOT 3
- Configuration error: at 'provider.iam.role.statements.1.Action.0': must be string HOT 1
- Conform to SLS v3 `iam` format? HOT 1
- Throws error when using 'disableLogs' on functions
- iamGlobalPermissionsBoundary is required, but not read HOT 1
- Deprecation warning: provider.iamRoleStatements" -> "provider.iam.role.statements HOT 5
- defaultInherit does not work HOT 4
- auto-generated role name too long, but managing manual role names too brittle HOT 2
- Role inheritance seems broken with provider.iam.role.statements HOT 2
- Overides iamManagedPolicies even with iamRoleStatementsInherit flag HOT 4
- Serverless Framework v3: integrating with the new design HOT 1
- Fine grained access control using leading keys in dynamo
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from serverless-iam-roles-per-function.