Serverless Stack

I see that there's a new role created for every lambda + stack. So we've almost reached our initial cap of 1000 roles available. Is that happening to others as well?

I’m leaning towards having the limit lifted. But I’m open for ideas if ppl have thoughts on having all/some Lambdas share the same role.

the easiest route seems to be to ask for an increase as necessary. playing devil's advocate here: why not have a shared role for basic lambda-api-gateway execution?

the basics so far are
• <https://console.aws.amazon.com/iam/home?region=us-east-1#/policies/arn%3Aaws%3Aiam%3A%3Aaws%3Apolicy%2Fservice-role%2FAWSLambdaBasicExecutionRole|AWSLambdaBasicExecutionRole>
• <https://console.aws.amazon.com/iam/home?region=us-east-1#/policies/arn%3Aaws%3Aiam%3A%3Aaws%3Apolicy%2FCloudWatchLambdaInsightsExecutionRolePolicy|CloudWatchLambdaInsightsExecutionRolePolicy>
• and a policy related to x-ray.
what security are we losing if they were to share a basic role configured just for that api-gateway and stack? <@U01JVDKASAC>

Yeah if it’s the same set of permissions granted to all Lambda, it makes sense to just share the same role.

Maybe we can add an option at the Stack level to turn this on/off

Just opened a discussion for the record <https://github.com/serverless-stack/serverless-stack/discussions/292>