I was quite excited to see that we can now specify existing roles for the lambdas: https://serverless.com/framework/docs/providers/aws/guide/iam/
Our developers (and jenkins) do not have an AWS role with iam, so currently when deploying a stage for the first time, it has to be done by an admin (like me) who has iam rights. After the initial deploy, the devs can now deploy (without iam rights). However this is tedious and we’d like to not have to have serverless need iam rights at all.
Because our developers are not allowed to have IAM permissions. However, when I try to deploy using custom role like this:
provider: name: aws runtime: nodejs4.3 role: arn:aws:iam::531840447582:role/uca-api-chrisd-IamRoleLambdaExecution-JTSXKY12ZTEC
using serverless with no iam permissions, I get errors that it requires iam:PutRolePolicy
This is probably valid, but can anyone help me understand why?