Reputation: 1035
Why does serverless need the iam:CreateRole permission to create the LambdaExecution permission when I have already attached a policy to the user which has full access to Lambda?
Upvotes: 1
Views: 312
Reputation: 3449
Every AWS Lambda function needs permission to interact with other AWS infrastructure resources within your account. These permissions are set via an AWS IAM Role which the Serverless Framework automatically creates for each Serverless Service, and is shared by all of your Functions. The Framework allows you to modify this Role or create Function-specific Roles, easily. Documentation
When building a serverless application, it’s important to assign each Lambda function a separate IAM role. This architecture ensures that each Lambda function is assigned least privilege permissions and is independent from other function’s permissions. It allows functions to evolve over time. As one function’s permissions are modified, they do not affect the other function’s permission scope. In deep
Upvotes: 1
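As an added illustration of the answer above (not part of the original answer or the Serverless documentation), here is a `serverless.yml` that attaches roles created out of band, so the deploying user needs `iam:PassRole` on those roles rather than `iam:CreateRole`. The service name, handlers, account ID and role ARNs are constructed placeholders, and the `provider.iam.role` key assumes a recent Framework version (older versions use `provider.role`).

```yaml
# Constructed example: every name, handler and ARN below is a placeholder.
service: example-orders

provider:
  name: aws
  runtime: nodejs20.x
  # Fallback execution role for any function without its own `role`.
  # Because a role is supplied here, the Framework has no default
  # execution role to generate, so the deployment stack contains no
  # AWS::IAM::Role resource for it and iam:CreateRole is not exercised.
  iam:
    role: arn:aws:iam::123456789012:role/example-orders-default-exec

functions:
  readOrders:
    handler: src/orders.read
    # Function-specific role: scoped by whoever owns IAM to read access only.
    role: arn:aws:iam::123456789012:role/example-orders-read-exec

  writeOrders:
    handler: src/orders.write
    # Separate role, so changing write permissions never widens readOrders.
    role: arn:aws:iam::123456789012:role/example-orders-write-exec

  healthCheck:
    handler: src/health.check
    # No `role` key: uses provider.iam.role above.

# What the deploying principal still needs on the IAM side:
#   iam:PassRole on exactly the three role ARNs above,
#   because Lambda function creation hands the role to the Lambda service.
# What it no longer needs for the execution role:
#   iam:CreateRole, iam:PutRolePolicy, iam:DeleteRole, iam:DeleteRolePolicy.
# A Lambda full-access policy on the user covers lambda:* actions only;
# role creation is an IAM action, which is why the deploy fails without
# one of these two arrangements.
```

Scoping `iam:PassRole` to the specific role ARNs, rather than `*`, keeps the deploying user from attaching a more privileged role to a function.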