Hi
I had a working serverless.yml
And i wanted it to be deploy-able on 3 environments
SO i used a hack i found in one of this nice forum:
environment:
Stage: {opt:stage}
profile: {self:custom.myProfile.{self:custom.myStage}}
region: {self:custom.myRegion.${self:custom.myStage}}
…
custom:
myStage: ${opt:stage, self:provider.stage}
myProfile:
dev: devAccount
test: testAccount
prod: prodAccount
myRegion:
dev: us-east-2 # Ohio
test: eu-central-1 # Frankfurt
prod: eu-west-1 # Irland
But now for some reason , sls deploy --stage dev fails
With
An error occurred: RobotProgressDashPlatformEventLambdaFunction - Lambda was unable to encrypt your environment variables because the KMS access was denied. Please check your KMS permissions. KMS Exception: AccessDeniedException KMS Message: User: arn:<my_user> is not authorized to perform: kms:Encrypt on resource: arn:aws:kms:us-east-2: (Service: AWSLambda; Status Code: 403; Error Code: AccessDeniedException; Request ID: b31a61f8-da8b-11e8-98e6-ddf1f9f5bfbc).
1 - My user have full permission on all KSM object:
“Effect”: “Allow”,
“Action”: “kms:",
“Resource”: "”
2 - there is no asking to encrypt the env in my settings
3 - this wasn’t an issue before in previous scenario where i did had an encrypted env var
What am i missing?
Any help will be appropriate
thanks