We’ve recently noticed that IAM roles are getting altered when deploying to AWS using Deploy
, e.g. serverless deploy -s qa
.
The Roles are added in ´serverelss.yml` and have been in there (and working) in previous versions of the Lambda.
iam:
role:
statements:
- Effect: Allow
Action:
- 'dynamodb:*'
- 's3:*'
- 'ec2:CreateNetworkInterface'
- 'ec2:DescribeNetworkInterfaces'
- 'ec2:DeleteNetworkInterface'
- 'logs:CreateLogGroup'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
- 'lambda:*'
- 'ssm:*'
- 'sqs:*'
Resource: '*'
What we’ve noticed is that sometimes the IAM role is altered and just now the above deploy’ed IAM role was missing the ssm:*
permission all of a sudden.
Why could that be happening?