components icon indicating copy to clipboard operation
components copied to clipboard

Published 20 hours ago verified publisher icon serverless

AwsIamRole - it isn't possible to specify trust relationship policy document.

Open kzvankovich opened this issue 6 years ago • 2 comments

Currently it isn't possible to define trust relationship policy document for a role:

https://github.com/serverless/components/blob/765740cbfe74887d9028c94551cb86604f2598b2/registry/AwsIamRole/src/index.js#L97

Expected result:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "lambda.amazonaws.com",
          "apigateway.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::585857563047:role/externalRole"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

kzvankovich avatar Nov 19 '18 13:11 kzvankovich

@kostjazvankovich good point, we should probably update this component to more accurately reflect the AWS API. AwsIamRole should be separated from AwsIamPolicy and we should be able to specify which policies to attach to the role through a property.

brianneisler avatar Nov 27 '18 22:11 brianneisler

Works fine in 2.8.0, can be closed :)

m4t22 avatar Oct 20 '20 10:10 m4t22