We’ve recently noticed that IAM roles are getting altered when deploying to AWS using
serverless deploy -s qa.
The Roles are added in ´serverelss.yml` and have been in there (and working) in previous versions of the Lambda.
iam: role: statements: - Effect: Allow Action: - 'dynamodb:*' - 's3:*' - 'ec2:CreateNetworkInterface' - 'ec2:DescribeNetworkInterfaces' - 'ec2:DeleteNetworkInterface' - 'logs:CreateLogGroup' - 'logs:CreateLogStream' - 'logs:PutLogEvents' - 'lambda:*' - 'ssm:*' - 'sqs:*' Resource: '*'
What we’ve noticed is that sometimes the IAM role is altered and just now the above deploy’ed IAM role was missing the
ssm:* permission all of a sudden.
Why could that be happening?