Modifying service token is not allowed

ganku007 · August 28, 2020, 6:49am

I am getting the error “Modifying service token is not allowed” while trying to redeploy the serverless.yml. I am not sure why it doesn’t allow to update the resource. Any help will be appriciatted.

function defined as below:

studentContentEvent:
handler: studentContent
name: clapi-{self:provider.stagePrifix}-studentContent package: artifact: ./artifacts/studentContent.zip events: - s3: bucket: {self:provider.contentBucket}
events:
- s3:ObjectCreated:*
existing: true

Resoure is created as below:

ContentBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:provider.contentBucket}
VersioningConfiguration:
Status: Enabled
CorsConfiguration:
CorsRules:
- AllowedHeaders:
- “"
AllowedMethods:
- “GET”
- “PUT”
AllowedOrigins:
- "”
MaxAge: 3000
ExposedHeaders:
- x-amz-version-id
- Server

lukelab · April 1, 2021, 2:14pm

For any future visitors, I had the same issue when using sls-deploy through Github CI. I was installing it on the fly before running the deploy. I realised this would install the latest version of serverless every time which might contain bugs as they release regularly to npm.

After I locked it to the older version (2.28.7) that was working fine on my local machine, it fixed this issue.

symetryn · April 4, 2021, 10:37am

I was given the same error because some how sls deploy generated function name myfunctionname-undefined-resource-apigw-cw-role on CustomDashresourceDashapigwDashcwDashroleLambdaFunction on the cloudformation template instead of the default stage dev. Specifying stage with command sls deploy --stage dev fixed it

splinteredglass · April 12, 2021, 11:00am

This worked for me as well

jjpepper · May 21, 2021, 3:35am

I’m getting this problem too. --stage dev fixes it, but can anyone explain why it’s happening it and what needs to be done to avoid it?

bjornhansen · August 15, 2023, 4:16pm

I’m seeing this error in version 3.34.0 and unfortunately, none of the things mentioned in this thread have resolved it.

Version information:

Framework Core: 3.34.0 (local) 3.33.0 (global)
Plugin: 6.2.3
SDK: 4.3.2

What I’m doing:
Trying to deploy a stage named prod after deploying the default dev stage for an app. The stages are in the same provider. I set up a project, then ran sls deploy, which was successful, followed by sls deploy --stage prod which is where I encountered the error.

The message I’m getting:

Error:
UPDATE_FAILED: CustomApiGatewayAccountCloudWatchRole (Custom::ApiGatewayAccountRole)
Modifying service token is not allowed.

What I’ve tried:

Using different stage names. E.g. main.
Using a custom provider.logs.restApi.role and setting provider.logs.restApi.roleManagedExternally to true as suggested by @Zambonilli.
Deploying the “prod” stage to a separate “service” in Serverless.

Whatever I do, anything but the default dev stage results in that error. Has this still not been resolved?

bjornhansen · August 15, 2023, 4:37pm

In my case this was caused by the stackName property being the same for both stages.

Topic		Replies	Views
Deploy cloudformation modification only? Serverless Framework	4	1197	July 5, 2018
Cannot redeploy - UploadBucket slsupload already exists Serverless Framework aws	3	3186	May 25, 2017
An error occurred: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied Serverless Framework	2	7261	September 19, 2020
Just deploy cloudformation changes for AWS Serverless Framework aws	1	444	October 3, 2019
Serverless Error - The security token included in the request is invalid Serverless Framework aws	5	51146	February 11, 2024

Modifying service token is not allowed

Related Topics