dashboard-plugin icon indicating copy to clipboard operation
dashboard-plugin copied to clipboard

Published 20 hours ago verified publisher icon serverless

EnterpriseLogAccessIamRole specify in yml confi

Open Frikitrok opened this issue 5 years ago • 5 comments

HI, in my use case our IAM user have no permissions to create any role/policy so when i tried to switch to enterprise plugin deployment fails with:

API: iam:CreateRole User: arn:aws:iam::170605107983:user/****is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::170605107983:role/myproj-EnterpriseLogAccessIamRole-1NLBZ45NXH9LS

Is there a way to deploy it without this role? Or maybe i can create this role manual and then just specify in sls.yml file?

Frikitrok avatar Jul 24 '19 08:07 Frikitrok

Hi @Frikitrok I have added this into the teams backlog to triage

garethmcc avatar Jul 29 '19 06:07 garethmcc

same issue... here

mannharleen avatar Aug 26 '19 05:08 mannharleen

We have boundary policies around the majority of our roles. Creating roles is a limited function for a specific role. And I can't switch roles during the deploy. If I could specify a role that already had the needed log permissions, it would be helpful.

carltonlee1 avatar Oct 22 '19 20:10 carltonlee1

Has this been fixed yet? for me I may need to switch back to AWS SAM even though serverless is way better because I can't create roles, I don't have those permissions and need to be able to set in the yml or not use it at all.

ilanRosenbaum avatar Aug 03 '20 18:08 ilanRosenbaum

My organization and I would benefit from this too

raptordzuricsko avatar Mar 02 '21 03:03 raptordzuricsko