serverless-iam-roles-per-function

Support for Customer Managed Policies

Open omenocal opened this issue 1 year ago • 0 comments

This is an attempt to include this functionality into the serverless-iam-roles-per-function repository as it's one of my favorite plugins for my Serverless projects.

I have recently come across this issue where I need to have a project meet some criteria to be compliant with a security check. I have surfed the web and I didn't find any solution to update the IAM roles created in my Serverless project to use Customer Managed Policy instead of an inline policy.

This was discussed in the Serverless Forum last year, but no solution was found.

My implementation exposes a property at the serverless template level, and for each individual lambda. If someone wants to create CustomerManagedPolicies for a single lambda, they can set the defaultCreateCustomerManagedPolicy: true in the specific lambda. Or if they want to have all their lambdas use the managed policy, they can add the property custom.serverless-iam-roles-per-function.defaultCreateCustomerManagedPolicy: true to the serverless template file.

omenocal, May 08 '24 14:05
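The change this issue asks for, sketched at the CloudFormation level as an added example (not code from the plugin or from the issue author): each inline policy on a per-function role is moved into its own `AWS::IAM::ManagedPolicy` and attached through `ManagedPolicyArns`. The function names, logical IDs and sample template are assumptions made for illustration.

```javascript
// Added example, not the plugin's code; names and logical IDs are hypothetical.
// Moves each inline policy on an AWS::IAM::Role into an AWS::IAM::ManagedPolicy.
function toCustomerManagedPolicies(template) {
  const out = JSON.parse(JSON.stringify(template)); // leave the input untouched
  for (const [roleId, res] of Object.entries(out.Resources || {})) {
    if (res.Type !== 'AWS::IAM::Role') continue;
    const props = res.Properties || {};
    const inline = props.Policies || [];
    if (inline.length === 0) continue;
    const arns = props.ManagedPolicyArns ? [...props.ManagedPolicyArns] : [];
    inline.forEach((policy, i) => {
      // Logical IDs must be alphanumeric, so derive them from the role's ID.
      const policyId = `${roleId}ManagedPolicy${i}`;
      if (out.Resources[policyId]) throw new Error(`logical ID clash: ${policyId}`);
      out.Resources[policyId] = {
        Type: 'AWS::IAM::ManagedPolicy',
        Properties: { PolicyDocument: policy.PolicyDocument },
      };
      arns.push({ Ref: policyId }); // Ref on a managed policy yields its ARN
    });
    delete props.Policies;
    props.ManagedPolicyArns = arns;
  }
  return out;
}

// The check a compliance scan would make: roles still carrying inline policies.
function rolesWithInlinePolicies(template) {
  return Object.entries(template.Resources || {})
    .filter(([, r]) => r.Type === 'AWS::IAM::Role' &&
      ((r.Properties || {}).Policies || []).length > 0)
    .map(([id]) => id);
}

// Constructed sample: one per-function role with a single inline policy.
const sample = {
  Resources: {
    HelloIamRoleLambdaExecution: {
      Type: 'AWS::IAM::Role',
      Properties: {
        AssumeRolePolicyDocument: { Version: '2012-10-17', Statement: [] },
        Policies: [{ PolicyName: 'hello-policy', PolicyDocument: {
          Version: '2012-10-17',
          Statement: [{ Effect: 'Allow', Action: ['dynamodb:GetItem'], Resource: '*' }],
        } }],
      },
    },
  },
};
```

IAM limits how many managed policies can be attached to one role, so a role with many inline policies may need them merged into fewer documents before conversion.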