Here's an SST design question, why does SST need t...
# sstm
Michael Robellard
05/27/2022, 3:08 PMHere's an SST design question, why does SST need to create a new IAM role for each Lambda function even though the roles each appear different? Clearly you need one for each stage and region as the resources will be different in those cases, but for each Lambda function of which I have many SST is creating an identical Role. Obviously if you have customized resources for each Lambda they need different roles, but in my case they all have the same IAM requirements.
t
thdxr
05/27/2022, 3:14 PMIt's a bit hard for us to analyze all your functions and figure out which ones have the same requirements and generate a shared role
thdxr
05/27/2022, 3:14 PMYou can manually create a role and associate it with all functions if you want this
thdxr
05/27/2022, 3:14 PMBut over time functions IAM policies tend to diverge
m
Michael Robellard
05/27/2022, 3:17 PMIt was more a curiosity than an issue, as I have 212 roles in my account at the moment, and it just seemed like a lot. Since I am not manually managing them, it doesn't hurt me, and the only time it would impact a deployment length would be if one changed if I understand how things work correctly.
Michael Robellard
05/27/2022, 3:21 PMThe one place I think it may be an issue is the 500 resources per stack limit correct?
f
Frank
05/27/2022, 6:18 PM
Hey @Michael Robellard here’s an example of re-using the same role for all routes in an Api https://docs.serverless-stack.com/constructs/Api#using-1-role-for-all-routes
Frank
05/27/2022, 6:19 PM
You can apply a similar idea to have all functions in ur app to reuse the same role.