In order to have my Lambda function be a consumer of a Kinesis stream, I need to apply an AWSLambdaKinesisExecutionRole managed policy to the IamRoleLambdaExecution.
My current top-level serverless.yml starts like:
How can I be sure the appropriate AWSLambdaKinesisExecutionRole policy is attached to my iamRoleLambdaRole? Once I do that manually in the AWS console my Lambda consumer works a treat! But I’d like to do it all in Serverless.
I haven’t tried to associate managed policies, and I’m not sure the provider or iamRoleStatements configuration objects support it.
As a work-around, you could just inline the managed policy. Looking at the AWSLambdaKinesisExecutionRole role in the AWS IAM Console, it would look something like this (in addition to your other statement):
I’m not sure why specifying the specific resource (commands stream) doesn’t work… I’m still learning about IAM policies and such. I’ll stick to your wildcard solution for now.
Ah, I only saw a subset of actions, hence my suggestion.
The Resource ARN you specified looks too specific - I would expect you’d need a star somewhere in the last section (i.e. stream/commands) for it to work in a generic way/across deployments. I’m not familiar with Kinesis, so can’t be more specific than that unfortunately.
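
An added example, not part of the original thread: one way to inline the Kinesis read permissions under `iamRoleStatements` without a blanket wildcard, by scoping the stream-level actions to the `commands` stream and leaving only `kinesis:ListStreams`, which has no resource-level scoping, on `"*"`. Assumptions: the action list is the Kinesis read set as commonly found in AWSLambdaKinesisExecutionRole (check it against the policy shown in your IAM console), the stream lives in the same account and region as the stack, and the CloudWatch Logs permissions are already granted by the framework's default role.

```yaml
provider:
  name: aws
  iamRoleStatements:
    # Stream-level read actions, limited to the single stream this
    # function consumes ("commands" is the stream name from the thread).
    - Effect: Allow
      Action:
        - kinesis:DescribeStream
        - kinesis:DescribeStreamSummary
        - kinesis:GetRecords
        - kinesis:GetShardIterator
        - kinesis:ListShards
      Resource:
        # Built from CloudFormation pseudo-parameters so the ARN follows
        # whichever account and region the stack is deployed to.
        Fn::Join:
          - ""
          - - "arn:aws:kinesis:"
            - Ref: AWS::Region
            - ":"
            - Ref: AWS::AccountId
            - ":stream/commands"
    # ListStreams is an account-level call and does not accept a stream
    # ARN, so a statement that pins it to one stream never matches.
    - Effect: Allow
      Action:
        - kinesis:ListStreams
      Resource: "*"
```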