Reputation: 31610
I like how a role + inline policy is created when I deploy my template:
    Resources:
      MyFUnction:
        Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
        Properties:
          Description: Enter description of what this specific Lambda does
          CodeUri: hello_world/build/
          Handler: app.lambda_handler
          Runtime: python2.7
          Environment: # More info about Env Vars: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#environment-object
            Variables:
              PARAM1: VALUE
          Policies:
            # Using AWSLambdaExecute automatically creates a role named: <StackName>Role-<UUID>
            - AWSLambdaExecute
            # This policy is assigned as an Inline policy to the role
            - Version: '2012-10-17' # Policy Document
              Statement:
                Effect: Allow
                Action: ......
Now can I ref the role that is dynamically created and add an Output: for it in the SAM template?
Upvotes: 4
Views: 2752
Reputation: 41
I was able to test a solution to this. In the SAM template.yaml you can add an Output, as you would in CloudFormation, for the Logical ID that is created automatically for you as part of the Transform when using Properties such as Policies for AWS::Serverless::Function. The Logical ID of the resulting IAM Role is <Function Logical ID>Role. I used the below:
    Outputs:
      LambdaRole:
        Value:
          Fn::GetAtt:
            - "LambdaFunctionRole"
            - "Arn"
        Description: "Lambda IAM Role"
Upvotes: 4
Reputation: 497
The resulting role that SAM creates for you is just the name of your function with "Role" added to the end. You can use this information to get the Role or properties of it using normal CloudFormation functions.
For example, if you wanted to access the role ARN of MyFunction, you would use !GetAtt MyFunctionRole.Arn in your SAM YAML template. The same principle should apply for !Ref and other functions.
Upvotes: 7
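Added example, not part of either answer: a small Python helper that applies the `<Function Logical ID>Role` convention described above to emit an Outputs entry for every SAM-generated execution role, which is handy when the roles need to be listed for a permissions review. It assumes the template has already been parsed into a dict; the sample template, its ARN and the function name `implicit_role_outputs` are constructed for illustration, and Globals are not considered.

```python
import json


def implicit_role_outputs(template):
    """Return CloudFormation Outputs exposing each SAM-generated execution role.

    The generated role's logical ID is <FunctionLogicalId>Role. A function
    that sets an explicit Role property gets no generated role, so it is
    skipped: a GetAtt on a logical ID that does not exist fails validation.
    """
    outputs = {}
    for logical_id, resource in sorted(template.get("Resources", {}).items()):
        if resource.get("Type") != "AWS::Serverless::Function":
            continue
        if "Role" in resource.get("Properties", {}):
            continue  # caller supplied the role; SAM creates none
        role_id = logical_id + "Role"
        outputs[role_id + "Arn"] = {
            "Description": "Execution role generated by SAM for " + logical_id,
            "Value": {"Fn::GetAtt": [role_id, "Arn"]},
        }
    return outputs


# Constructed sample template (values are placeholders, not from the page).
SAMPLE_TEMPLATE = {
    "Transform": "AWS::Serverless-2016-10-31",
    "Resources": {
        "MyFunction": {
            "Type": "AWS::Serverless::Function",
            "Properties": {"Handler": "app.lambda_handler",
                           "Policies": ["AWSLambdaExecute"]},
        },
        "ExistingRoleFunction": {
            "Type": "AWS::Serverless::Function",
            "Properties": {"Handler": "app.lambda_handler",
                           "Role": "arn:aws:iam::123456789012:role/constructed-example"},
        },
        "DataBucket": {"Type": "AWS::S3::Bucket"},
    },
}

if __name__ == "__main__":
    print(json.dumps({"Outputs": implicit_role_outputs(SAMPLE_TEMPLATE)}, indent=2))
```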