lift icon indicating copy to clipboard operation
lift copied to clipboard

Published 20 hours ago verified publisher icon getlift

Lift cannot use exported Role

Open Setitch opened this issue 2 years ago • 3 comments

Description

I have several files for deploying the api to the aws.

  1. Base file - with roles, and some common data (response resources, default errors etc)
  2. One File - which import some of the roles, but also creates new role for queues (and exports it), and uses lift to create queues with that role
  3. Second File - which need to work with same queues (the ones from One File) but it can, because lift cannot find the exported role. (All other things works properly, just not the parts based on lift - as for some reason it cannot use imported role at all)

How to Reproduce

File One

service: one-api
  provider: aws
  runtime: nodejs14.x
  versionFunctions: false
  iam:
    role:
      Fn::ImportValue: DefaultRoleForLambdas
  apiGateway
    restApiId:
      Fn::ImportValue: ApiGatewayRestApiId
......
resources:
  - ${file(... file with role definition and its export) # role is named:  DefaultRoleForSQSAccess

constructs:
  queueToExport:
    type: queue
    worker:
      timeout: 20
      handler: file-with-handler.handler
      role: DefaultRoleForSQSAccess

plugins:
  - serverless-esbuild
  - serverless-offline
  - serverless-prune-plugin
  - serverless-lift

And now in other service that needs this one to be deployed earlier we have

service: two-api
  provider: aws
  runtime: nodejs14.x
  versionFunctions: false
  iam:
    role:
      Fn::ImportValue: DefaultRoleForSQSAccess
  apiGateway
    restApiId:
      Fn::ImportValue: ApiGatewayRestApiId
......
# We cannot define DefaultRoleForSQSAccess role here, becasue its already devined in other place, thats why we only imported it earlier

# Here is error, as DefaultRoleForSQSAccess is totally unknown for lift But if we remove it, we cannot access in any lambda this queue, as we cannot fetch its address
constructs:
  queueToExport:
    type: queue
    worker:
      timeout: 20
      handler: file-with-handler.handler
      role: DefaultRoleForSQSAccess

plugins:
  - serverless-esbuild
  - serverless-offline
  - serverless-prune-plugin
  - serverless-lift

Additional Information

No response

Setitch avatar Sep 22 '22 08:09 Setitch

What is the problem? Do you get an error? If so, what is the error?

mnapoli avatar Sep 22 '22 08:09 mnapoli

The error: Fn::Get cannot find undefined of DefaultRoleForSQSAccess

Setitch avatar Sep 22 '22 08:09 Setitch

Exact error: The CloudFormation template is invalid: Template error: instance of Fn::GetAtt references undefined resource DefaultRoleForSQSAccess

Setitch avatar Sep 22 '22 08:09 Setitch