Serverless-iam-roles-per-function and serverless.ts

sdeby · December 22, 2020, 6:54pm

Hey everyone,

I am getting an error trying to add a custom permission on a function in the serverless.ts config. This works fine in serverless.yaml

With serverless-iam-roles-per-function installed (version 3.0.1), I have the following (see commented out section with iamRoleStatements):

...
functions: {
    foo: {
      handler: 'foo.handler',

      events: [
        {
          eventBridge: {
            eventBus: ‘myArn’
            pattern: {
              source: [‘logging.service'],
            },
          },
        },
      ],
      // iamRoleStatements: [
      //    {
      //      Effect: 'Allow',
      //      Action: ['dynamodb:PutItem'],
      //      Resource: [
      //        {
      //          'Fn::GetAtt': ['LoggingTable', 'Arn'],
      //        },
      //      ],
      //    },
      // ],
    },

...
}

Here is an excerpt of the compilation error message when iamRoleStatements is enabled:

Type '{ handler: string; description: string; events: { eventBridge: { eventBus: string; pattern: { source: string[]; }; }; }[]; iamRoleStatements: never[]; }' is not assignable to type '{ name?: string | undefined; events?: ({ __schemaWorkaround__: null; } | { schedule: string | { rate: string; enabled?: boolean | undefined; name?: string | undefined; description?: string | undefined; input?: string | ... 2 more ... | undefined; inputPath?: string | undefined; inputTransformer?: { ...; } | undefine...'.
  Object literal may only specify known properties, and 'iamRoleStatements' does not exist in type '{ name?: string | undefined; events?: ({ __schemaWorkaround__: null; } | { schedule: string | { rate: string; enabled?: boolean | undefined; name?: string | undefined; description?: string | undefined; input?: string | ... 2 more ... | undefined; inputPath?: string | undefined; inputTransformer?: { ...; } | undefine...'.ts(2322)

Does anybody knows a workaround for this issue?

Thanks

–
Serge

pdeltour · January 15, 2021, 9:32am

Hi Serge,

i add the same issue and founded that adding a // @ts-expect-error
compilation directive stopped the compiler from screaming.

// @ts-expect-error: Let's ignore a single compiler
  iamRoleStatements: [
    {
      'Effect': 'Allow',
      'Action': ['s3:GetObject', 's3:ListBucket'],
      'Resource': 'arn:aws:s3:::myfavoritebucket/*'
    }

It seems the problem is general for all the additional structures added by plugins.

It is a bit of a hack so any better options would be appreciated.

Best

Pierre

Topic		Replies	Views
Per-function IAM permissions? Serverless Framework aws	3	1611	October 12, 2016
Feature Request : per-function IAM policies Serverless Framework aws	4	2025	February 1, 2018
How it works iamRoleStatements configuration section? Serverless Framework aws	6	24573	November 19, 2019
Use serverless-iam-roles-per-function plugin with provider level iamRoleStatements Serverless Framework aws , lambda	0	536	June 5, 2020
Generate IAM permissions for invoking lambda from lambda Serverless Framework aws	8	23054	May 29, 2020

Serverless-iam-roles-per-function and serverless.ts

Related Topics