Serverless: [AWS] Unable to create role resource with policy
Question
I am learning how to make use of serverless framework and i am at the point of creating roles on which some specific functions will assume, but cloudformation throws an error indicating:
An error occurred: LambdaAdminRole - Unknown field Policies (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 07cb3916-78c5-11e9-b0f6-37c9c6cd9547).
The way how the resource is defined in serverless is like this:
resources:
Resources:
LambdaAdminRole:
Type: AWS::IAM::Role
Properties:
RoleName: ${self:service}-${self:provider.stage}-lambda-admin-role
AssumeRolePolicyDocument:
Version: '2017'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: ${self:service}-${self:provider.stage}-lambda-cognito-admin-policy
PolicyDocument:
Version: '2017'
Statement:
- Effect: Allow
Action:
- cognito-idp:ListUsersInGroup
- cognito-idp:ListUsers
Resource:
- 'Fn::Join':
- ':'
- - 'arn:aws:cognito-idp'
- ${self:provider.region}
- Ref: 'AWS::AccountId'
- 'userpool/*'
Is this not the proper way to create a role with serverless?, i was following the examples that serverless's docuentation show: https://serverless.com/framework/docs/providers/aws/guide/iam/
2 answers
solution1
2 ACCPTED 2019-05-17 17:17:46
You have incorrect indentation, Policies attribute belongs to Properties , not to AssumeRolePolicyDocument which is the case in your document.
(unindent the whole Policies section by one)
solution2
0 2019-05-19 02:10:02
如官方文档中所述, Policies属于Properties ,而不属于AssumeRolePolicyDocument
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.