Created
February 3, 2020 09:05
-
-
Save sdomagala/a647a69f0dd87af545d7c45dfc7b0114 to your computer and use it in GitHub Desktop.
Change Trust Policy in Serverless IAM Role (or any other params other than policy)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## all other serverless.yml configuration | |
| functions: | |
| # your functions | |
| provider: | |
| name: aws | |
| # your provider config | |
| resources: | |
| Resources: | |
| IamRoleLambdaExecution: # has to be this exact name, https://serverless.com/framework/docs/providers/aws/guide/resources/ | |
| Type: AWS::IAM::Role | |
| Properties: | |
| AssumeRolePolicyDocument: # OVERWRITE assume role policy, rest is populated by serverless | |
| Version: "2012-10-17" | |
| Statement: | |
| - Effect: Allow | |
| Principal: | |
| Service: | |
| - lambda.amazonaws.com | |
| AWS: | |
| - arn:aws:iam::123456789:root | |
| - arn:aws:iam::012345678:root | |
| Action: sts:AssumeRole |
Is this approach necessary if one is trying to set roles for a resource other than lambda that is created in custom resources? I'm trying to link an Eventbridge rule to other targets and running into what I think are permissions errors, but I have been unable to explicitly set the resource policies. See question here: https://forum.serverless.com/t/permissions-for-custom-resource-directing-eventbridge-events-to-targets/17241
bardzo dziękuję kolego!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@ezmiller it means that those AWS accounts can assume roles, but it's not something required - this whole block of
AssumeRolePolicyDocumentis just an example of how you can overwrite trust policy, so change it to whatever you need. Here is the CloudFormation reference