update Lambda Support documentation examples to show role is required

[FireballDWF]

Role is actually required in the 3 policies examples at https://cloudcustodian.io/docs/policy/lambda.html so it would help beginners to include the role example from the config rule example in the first three policies as well. In addition, it would also help beginners to show some minimal IAM policy for that role that would at least allow documentation examples to run.

[FireballDWF]

Without this improved documentation, beginners will spin cycles troubleshooting, some may give up, others will submit issues like #63

[thisisshi]

Right, I think it should be clarified as well that the --assume-role option in the custodian run cli command will also be picked up as the role if no role is given in the policy file

[kapilt]

Role is only required if not doing assume role on cli. The error msg should make that clear, but noted on the experience. We could produce an iam role/policy gen script from the annotations on various filters and actions however, without functional test harnesses that exercise them we’ll have some gaps exposed I suspect, still perfect should not be the enemy of the good. I’ll pr a for a script in tools/ops for it.

…

On Wed, Dec 19, 2018 at 1:08 PM Sonny ***@***.***> wrote: Right, I think it should be clarified as well that the --assume-role option in the custodian run cli command will also be picked up as the role if no role is given in the policy file — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#3262 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABUkvgTb_Q-uo--VqFccI75jUtKLeMZks5u6oCfgaJpZM4ZZvsY> .