I am learning how to make use of the Serverless Framework and I am at the point of creating roles that some specific functions will assume, but CloudFormation throws an error indicating:
An error occurred: LambdaAdminRole - Unknown field Policies (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 07cb3916-78c5-11e9-b0f6-37c9c6cd9547).
This is how the resource is defined in serverless:
resources:
  Resources:
    LambdaAdminRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: ${self:service}-${self:provider.stage}-lambda-admin-role
        AssumeRolePolicyDocument:
          Version: '2017'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
          Policies:
            - PolicyName: ${self:service}-${self:provider.stage}-lambda-cognito-admin-policy
              PolicyDocument:
                Version: '2017'
                Statement:
                  - Effect: Allow
                    Action:
                      - cognito-idp:ListUsersInGroup
                      - cognito-idp:ListUsers
                    Resource:
                      - 'Fn::Join':
                          - ':'
                          - - 'arn:aws:cognito-idp'
                            - ${self:provider.region}
                            - Ref: 'AWS::AccountId'
                            - 'userpool/*'
Is this not the proper way to create a role with serverless? I was following the examples that the Serverless documentation shows: https://serverless.com/framework/docs/providers/aws/guide/iam/
You have incorrect indentation: the Policies attribute belongs to Properties, not to AssumeRolePolicyDocument, which is the case in your document. (Unindent the whole Policies section by one.)
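The corrected resource, as an added example that is not part of the original question or answer and is not the Serverless project's own template: Policies sits directly under Properties as a sibling of AssumeRolePolicyDocument. It also sets Version to '2012-10-17', the current IAM policy language version, in place of the '2017' shown in the question.

```yaml
resources:
  Resources:
    LambdaAdminRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: ${self:service}-${self:provider.stage}-lambda-admin-role
        # Trust policy: who may assume the role. This is itself a policy
        # document, so it accepts only policy elements such as Version and
        # Statement; any other key here is rejected as MalformedPolicyDocument.
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        # Inline permission policies: a property of the role, one level up
        # from where the question's template placed it.
        Policies:
          - PolicyName: ${self:service}-${self:provider.stage}-lambda-cognito-admin-policy
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - cognito-idp:ListUsersInGroup
                    - cognito-idp:ListUsers
                  # Matches every user pool in this account and region;
                  # replace the wildcard with a pool ID to narrow the grant.
                  Resource:
                    - 'Fn::Join':
                        - ':'
                        - - 'arn:aws:cognito-idp'
                          - ${self:provider.region}
                          - Ref: 'AWS::AccountId'
                          - 'userpool/*'
```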
As stated in the official documentation, Policies belongs to Properties, not to AssumeRolePolicyDocument.