Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error running example #4

Closed
jgwinner opened this issue May 19, 2019 · 3 comments
Closed

Error running example #4

jgwinner opened this issue May 19, 2019 · 3 comments
Assignees
@marcelobern
Labels
question Further information is requested

Comments

@jgwinner
Copy link

When running the sample pretty much as is (I did change to Oregon), I get the following error:

Serverless Error ---------------------------------------

  An error occurred: IamRoleLambdaExecution - API: iam:AttachRolePolicy User: arn:aws:iam::redacted:user/serverless-agent is not authorized to perform: iam:AttachRolePolicy on resource: role serverless-loopback-dev-us-west-2-lambdaRole.

What's weirder, is that I went to add "AttachRolePolicy" but couldn't find it in the list.

I get the same error if I run on east.

    == John ==
@jgwinner
Copy link
Author

Ok, it's definitely a permissions error, if I add administrator access it does this:

Serverless: Packaging service...
Serverless: Excluding development dependencies...
Serverless: WARNING: Function loopback has timeout of 60 seconds, however, it's attached to API Gateway so it's automatically limited to 30 seconds.
Serverless: WARNING: Function loopback has timeout of 60 seconds, however, it's attached to API Gateway so it's automatically limited to 30 seconds.
Serverless: Service files not changed. Skipping deployment...
Service Information
service: serverless-loopback
stage: dev
region: us-west-2
stack: serverless-loopback-dev
resources: 1
api keys:
  None
endpoints:
  None
functions:
  loopback: dev-loopback
layers:
  None

Stack Outputs
ServerlessDeploymentBucketName: serverless-loopback-dev-serverlessdeploymentbucke-redacted

At least I have a work around.

@jgwinner jgwinner mentioned this issue May 19, 2019
Closed
@marcelobern
Copy link
Contributor

@jgwinner serverless is a bit "greedy" on permissions.

As you can read here: "Note: In a production environment, we recommend reducing the permissions to the IAM User which the Framework uses. Unfortunately, the Framework's functionality is growing so fast, we can't yet offer you a finite set of permissions it needs (we're working on this)."

@marcelobern marcelobern self-assigned this Jun 5, 2019
@marcelobern marcelobern added the question Further information is requested label Jun 5, 2019
@jgwinner
Copy link
Author

jgwinner commented Jun 5, 2019

Understood, and I did read that, but my point is that you should be able to download the sample, read the docs, and implement. I followed them, so if there is a need for higher permission levels, that should be added to the sample and instructions for running.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcelobern marcelobern

Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jgwinner @marcelobern