I see you can write custom roles with multiple policies in-line with them. They can be attached to lambdas/SQS/SNS etc. I’d like to write policies as separate components I can attach to roles. So a role can be made up of several policy components by reference. Is this possible? This is pseudo yml which won’t work, but shows what I am after:
```yaml
service: thing
plugins:
  - serverless-plugin-scripts
provider:
  name: aws
  runtime: nodejs12.x
functions:
  hello0:
    handler: handler.hello
    role: DemoRole
  hello1:
    handler: handler.hello
    role: DemoRoleWithExtraStuff
resources:
  Resources:
    DemoRole:
      Type: AWS::IAM::Role
      Properties:
        PolicyName: Test
        PolicyDocument:
          ManagedPolicyArns:
            - !Ref BasicLambdaPolicy
    DemoRoleWithExtraStuff:
      Type: AWS::IAM::Role
      Properties:
        PolicyName: Test
        PolicyDocument:
          ManagedPolicyArns:
            - !Ref BasicLambdaPolicy
            - !Ref AnotherBasicLambdaPolicy
    BasicLambdaPolicy:
      Type: AWS::IAM:ManagedPolicy
      Properties:
        PolicyName: DemoDetectorPolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - someAction
    AnotherBasicLambdaPolicy:
      Type: AWS::IAM:ManagedPolicy
      Properties:
        PolicyName: DemoDetectorPolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - someAction
```
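
One working shape for what the question sketches, as an added example that is not part of the original post: each policy is its own `AWS::IAM::ManagedPolicy` resource, and each role lists the ones it needs under `ManagedPolicyArns`, where `!Ref` on a managed policy resolves to its ARN. The actions, the log-group pattern and the queue name are assumed placeholders; the `functions` section from the post stays as it is.

```yaml
# Added example: replaces only the resources section of the serverless.yml above.
resources:
  Resources:
    BasicLambdaPolicy:
      Type: AWS::IAM::ManagedPolicy      # double colon before ManagedPolicy
      Properties:                        # no fixed name, so the two policies cannot collide
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - logs:CreateLogStream
                - logs:PutLogEvents
              Resource: 'arn:aws:logs:*:*:log-group:/aws/lambda/thing-*:*'  # assumed pattern
    AnotherBasicLambdaPolicy:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action: sqs:SendMessage
              Resource: 'arn:aws:sqs:*:*:demo-queue'   # assumed queue name
    DemoRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:        # trust policy: required on every role
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service: lambda.amazonaws.com
              Action: sts:AssumeRole
        ManagedPolicyArns:               # sibling of the trust policy, not nested in a PolicyDocument
          - !Ref BasicLambdaPolicy
    DemoRoleWithExtraStuff:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service: lambda.amazonaws.com
              Action: sts:AssumeRole
        ManagedPolicyArns:
          - !Ref BasicLambdaPolicy
          - !Ref AnotherBasicLambdaPolicy
```

A function that names its own role no longer gets the framework's default role, so the logging permissions have to come from one of the attached policies, as `BasicLambdaPolicy` does here.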