serverless-iam-roles-per-function icon indicating copy to clipboard operation
serverless-iam-roles-per-function copied to clipboard
verified publisher icon functionalone

How can we acheive IAM path per function?

Open cyim02 opened this issue 3 years ago • 2 comments

I have gone through the doc for this plugin but unable to find how we can add IAM path per function? Would like to have something like this as feature request~

iamRoleStatementsInherit: true
iamRolePath: /path

cyim02 avatar Jun 22 '22 02:06 cyim02

I'm not sure that I follow.

Could you please describe more in detail what an iamRolePath settings would provide?

andersquist avatar Jun 22 '22 05:06 andersquist

Since in AWS IAM, IAM roles can be grouped/organised with IAM path for easier resource permission control. In cloudformation, there is a 'Path' properties that can be specified.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path

Ideally, with the iamRolePath settings, it could create IAM role per function with the path added: e.g. arn:aws:iam::{account id}:role/{path}/{role-name}

CCYeung-HK avatar Jun 22 '22 09:06 CCYeung-HK