Reputation: 4342
I am learning how to make use of the Serverless Framework, and I am at the point of creating roles which some specific functions will assume, but CloudFormation throws an error indicating:
An error occurred: LambdaAdminRole - Unknown field Policies (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 07cb3916-78c5-11e9-b0f6-37c9c6cd9547).
The way the resource is defined in serverless is like this:
resources:
  Resources:
    LambdaAdminRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: ${self:service}-${self:provider.stage}-lambda-admin-role
        AssumeRolePolicyDocument:
          Version: '2017'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
          Policies:
            - PolicyName: ${self:service}-${self:provider.stage}-lambda-cognito-admin-policy
              PolicyDocument:
                Version: '2017'
                Statement:
                  - Effect: Allow
                    Action:
                      - cognito-idp:ListUsersInGroup
                      - cognito-idp:ListUsers
                    Resource:
                      - 'Fn::Join':
                        - ':'
                        - - 'arn:aws:cognito-idp'
                          - ${self:provider.region}
                          - Ref: 'AWS::AccountId'
                          - 'userpool/*'
Is this not the proper way to create a role with serverless? I was following the examples that serverless's documentation shows: https://serverless.com/framework/docs/providers/aws/guide/iam/
Upvotes: 2
Views: 1147
Reputation: 1309
As mentioned in the official documentation, Policies belongs to Properties and not to AssumeRolePolicyDocument.
Upvotes: 0
Reputation: 14462
You have incorrect indentation: the Policies attribute belongs to Properties, not to AssumeRolePolicyDocument, which is the case in your document. (Unindent the whole Policies section by one.)
Upvotes: 4
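A pre-deploy check for the mistake both answers point out, as an added example that is not part of the original posts: it lints the AWS::IAM::Role resources of a template already parsed into a dict, relying on the fact that an IAM policy document accepts only Version, Id and Statement at its top level. The function names, the sample templates, the `example-policy` name and the account ID are constructed for illustration.

```python
# The IAM policy grammar allows only these top-level elements in a policy document.
POLICY_DOC_KEYS = {"Version", "Id", "Statement"}
VALID_VERSIONS = {"2012-10-17", "2008-10-17"}
# Role properties that land inside the trust policy when they are over-indented.
ROLE_LEVEL_KEYS = {"Policies", "ManagedPolicyArns", "Path", "RoleName",
                   "PermissionsBoundary", "MaxSessionDuration", "Tags"}


def check_policy_doc(doc, where):
    """Return findings for one policy document (trust or permissions)."""
    if not isinstance(doc, dict):
        return [f"{where}: policy document must be a mapping"]
    findings = []
    for key in sorted(set(doc) - POLICY_DOC_KEYS):
        hint = " (role property: move it up to Properties)" if key in ROLE_LEVEL_KEYS else ""
        findings.append(f"{where}: unknown field {key}{hint}")
    version = doc.get("Version")
    if version is not None and str(version) not in VALID_VERSIONS:
        findings.append(f"{where}: invalid Version {str(version)!r}")
    if "Statement" not in doc:
        findings.append(f"{where}: missing Statement")
    return findings


def lint_roles(template):
    """Check every AWS::IAM::Role in a template dict and return all findings."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        findings += check_policy_doc(props.get("AssumeRolePolicyDocument"),
                                     f"{name}.AssumeRolePolicyDocument")
        for i, pol in enumerate(props.get("Policies", [])):
            findings += check_policy_doc(pol.get("PolicyDocument"),
                                         f"{name}.Policies[{i}].PolicyDocument")
    return findings


def role(props):
    """Wrap role properties in a minimal template (constructed sample helper)."""
    return {"Resources": {"LambdaAdminRole": {"Type": "AWS::IAM::Role", "Properties": props}}}


# Constructed samples: BROKEN mirrors the question's nesting and Version string.
TRUST = [{"Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]},
          "Action": "sts:AssumeRole"}]
INLINE = [{"PolicyName": "example-policy", "PolicyDocument": {"Version": "2012-10-17",
           "Statement": [{"Effect": "Allow", "Action": ["cognito-idp:ListUsers"],
                          "Resource": "arn:aws:cognito-idp:us-east-1:111122223333:userpool/*"}]}}]
BROKEN = role({"AssumeRolePolicyDocument": {"Version": "2017", "Statement": TRUST, "Policies": INLINE}})
FIXED = role({"AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": TRUST}, "Policies": INLINE})
```

Run `lint_roles` on the compiled template before deploying; an empty list means every trust and inline policy document has only the allowed top-level fields.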