Define role for both Http and websocket API in one serverlss.yml

Hi All,
I am using AWS Websocket API with serverless framework 1.38.0 and i want to deploy both http and websocket event lamda with single serverless.yml and with one existing IAM role. Hence for this i have declared role arn in provider tab but when i run sls deploy -v it says error - cannot read properties undefined.
My understanding is we can only define role arn at function level either for event type - http or event type wss or viceversa.
Please help me how to define EXISTING role for both API’s either at global level or function level, sample yml configuration will really help.

My Sample yml below,
handler: CsharpHandlers::AwsDotnetCsharp.Handler::Hello
role: arn:aws:iam::019095984934:role/LambdaDeployment
name: APITypeHello
- http:
path: api/shipments
method: post
cors: true
handler: CsharpHandlers::AwsDotnetCsharp.WebsocketHandler::GetWSSRequest
#role: arn:aws:iam::019095984934:role/websocketTesting-dev-ap-southeast-1-lambdaRole - below is the custom admin role
#role: arn:aws:iam::019095984934:role/LambdaDeployment
name: chatMessage
- Effect: Allow
- lambda:InvokeFunction,
- lambda:InvokeAsync
Resource: “arn:aws:lambda:::function:*”
Thanks in advance

Hi, I also have the same problem. For now, I am downgrading to 1.36 and using the deprecated serverless-websockets plugin. Could you ping me if you find a solution? Thanks

Hi yes i found one solution will share once i done. For now you can assign iamrolestatements policies at provider level and which will joined with the policies of the default IAM role at runtime.
Therefore your default role would be set on all types of API functions and by adding policies to it you are providing more permissions.


Also after downgrading the serverless-plugin version is it working fine? like can we provide roles for both types at provider level.

I am also looking for how to use single role for all my deployment and dont want default
to be role created. Can you help please.


Yes. This works. Adding a policy to the default role created works.

I think that the default role is in the code and I have checked so far(I would like to be wrong) and have not seen anyway that the core code can retrieve a custom/user defined role. Also I have not tried to downgrade yet. But I will try the option of downgrading and using the deprecated serverless-websockets plugin before the end of the day. Also thanks for your help.

Welcome. I have just tried the websocket deployment and it seems we can only define role for websocket functions like either in default handlers (onconnect, disconnect) or in sendmessage handler like below. In this case the connect disconnect routes will be deploy with default IAM role but it should be fine.

handler: CsharpHandlers::AwsDotnetCsharp.Handler::Hello
#name: APITypeHello-{self:provider.stage} name: APITypeHello role: arn:aws:iam::...:role/lambdarolenew events: - http: path: api/shipments method: post integration: lambda cors: true onConnect: handler: CsharpHandlers::AwsDotnetCsharp.WSSConnectHandler::WSSConnect #name: onConnect-{self:provider.stage}
name: OnConnect
- websocket:
route: $connect
- websocket:
route: disconnect chatMessage: handler: CsharpHandlers::AwsDotnetCsharp.WebsocketHandler::GetWSSRequest #name: chatMessage-{self:provider.stage}
name: chatMessage
role: arn:aws:iam::…:role/lambdarolenew
- websocket:
route: chatMessage