Existing IAM role reuse syntax/behavior

Hi there,


I ought to be able to do this in my serverless.yml file to reuse an existing IAM role for all functions within my service:

  name: aws
  runtime: nodejs4.3
  role: arn:aws:iam::<my account number>:role/<some role name>

But I’m finding that instead it creates a new custom IAM role anyway (console output):

Service Information
service: myFirstServerlessService
 stage: dev
region: us-east-1
api keys:
  myFirstServerlessService-dev-hello: arn:aws:lambda:us-east-1:<my account number>:function:myFirstServerlessService-dev-hello

Do I have the syntax wrong, do I misunderstand this feature, or have I found a bug?

Your snippet looks fine, but I’m just going off the docs - I haven’t used this functionality myself.

Have you verified your function is using the newly created role (and not your specified role) via the console? The CLI output doesn’t really give enough information.

I’d start by running serverless deploy --noDeploy and checking the template created in .serverless/cloudformation-template-update-stack.json to see if your specified role ARN is referenced anywhere. If it’s not, you might have found a bug…

Are you running on the latest version of Serverless (v1.1.0)?

Update: looks like you’re not the only one having issues with it https://github.com/serverless/serverless/issues/2706

Thanks for the reply @rowanu. I upgraded to 1.1 and that didn’t solve it. Upon doing a serverless deploy --noDeploy I see no references to my arn in .serverless/cloudformation-template-update-stack.json. I’d say I found a bug then, I’ll document here in a bit.

Easy workaround, though, to manually apply the role in the Lambda console.

Your other option (as mentioned in the bug report I linked above) is to run Serverless off master as the issue seems to be fixed there.

v1.2.0 is due out any day now, so you should be right once it’s released.