Add IAM role in Outputs when using Serverless Application #7
Comments
|
Thank you for this request, this is a good change that we had not previously looked at. We will investigate making this change for a future release. |
|
Another solution would be to take the arn of the master secret as a property in your Serverless Application and use it inside to construct a correct policy. |
|
Hello, any update on this? It would be great to be able to create multi user rotation strategies with CloudFormation... |
|
@StevenEmelander @willtong1234 any update? |
|
I apologize for the delay in this. We have investigated the feasibility of outputting the IAM role from our templates. Unfortunately, since we simply leverage the AWS::Serverless::Function SAM resource (see https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction), we do not have the IAM role in the output in order to output from our own template. The only output available is the ARN of the lambda itself, which we already output. In order to get the role ARN, we would first have to get the role ARN output from SAM. You will probably need to submit an issue to them here: https://github.com/awslabs/serverless-application-model/issues. |
|
I am closing this issue as this is a limitation of SAM. Please re-open if you have any questions. |
Hello,
Multi user strategies require access to a master secret.
When deploying the strategy with the AWS Serverless Repository the only way I see to allow this is to add in my CF template a resource policy on the master secret allowing the role created by the Serverless Application to call
GetSecretValue. Since this role is not outputed, I cannot find a way to achieve this.The text was updated successfully, but these errors were encountered: