Add IAM role in Outputs when using Serverless Application #7
Comments
Thank you for this request, this is a good change that we had not previously looked at. We will investigate making this change for a future release.
Another solution would be to take the arn of the master secret as a property in your Serverless Application and use it inside to construct a correct policy.
Hello, any update on this? It would be great to be able to create multi user rotation strategies with CloudFormation...
@StevenEmelander @willtong1234 any update?
I apologize for the delay in this. We have investigated the feasibility of outputting the IAM role from our templates. Unfortunately, since we simply leverage the AWS::Serverless::Function SAM resource (see https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction), we do not have the IAM role in the output in order to output from our own template. The only output available is the ARN of the lambda itself, which we already output. In order to get the role ARN, we would first have to get the role ARN output from SAM. You will probably need to submit an issue to them here: https://github.com/awslabs/serverless-application-model/issues.
I am closing this issue as this is a limitation of SAM. Please re-open if you have any questions.
Hello,
Multi user strategies require access to a master secret.
When deploying the strategy with the AWS Serverless Repository the only way I see to allow this is to add in my CF template a resource policy on the master secret allowing the role created by the Serverless Application to call GetSecretValue. Since this role is not outputted, I cannot find a way to achieve this.
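The resource policy described in the issue, written as a CloudFormation template; this is an added example, not part of the original thread or of the project's templates. It assumes the rotation function's role ARN has been looked up out of band and is passed in as the hypothetical parameter `RotationRoleArn`, because the Serverless Application does not output it; `MasterSecretArn` is likewise an assumed parameter name.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example: lets one rotation role read the master secret and nothing else.

Parameters:
  MasterSecretArn:
    Type: String
    Description: ARN of the master (superuser) secret used for multi-user rotation.
  RotationRoleArn:
    # Assumption: supplied by hand, since the application exposes only the Lambda ARN.
    Type: String
    Description: ARN of the IAM role created for the rotation Lambda function.

Resources:
  MasterSecretPolicy:
    Type: AWS::SecretsManager::ResourcePolicy
    Properties:
      SecretId: !Ref MasterSecretArn
      # Reject the policy if it would grant broad (public) access to the secret.
      BlockPublicPolicy: true
      ResourcePolicy:
        Version: '2012-10-17'
        Statement:
          - Sid: AllowRotationRoleToReadMasterSecret
            Effect: Allow
            Principal:
              # Only the rotation role, not the whole account.
              AWS: !Ref RotationRoleArn
            # Read-only: the rotation function needs the master credentials,
            # not permission to change or delete the master secret.
            Action: secretsmanager:GetSecretValue
            # In a secret's resource policy, "*" means the secret the policy is attached to.
            Resource: '*'
```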