Hello, is there a way to attach inline policy to roles created to lambda functions on deployment?

Hey @FJ, what do u mean by

on deployment

?

@FJ yes if you mean

sst deploy

, you could test e.g. for app.isLocal or the stage name

@Frank I see that a role is created dynamically while lambda function is deployed. And I want to add some policies to that role instead of adding on ui

@FJ I'm not sure if I perhaps misunderstood your question about deployment. SST has a separate "deploy" command and I thought you like to add permissions only when deploy is called. Otherwise, you don't need the if-statement.

fn.role.attachInlinePolicy

will create a new inline policy which is added to the existing permissions. The statements look very similar to what you would do in the UI. Each has

effect

,

actions

and

resources.

This allows you to create your own permissions the way you need them. SST also allows a shortcut approach for existing resources you already defined. In such case, you can simply reference a construct instead of writing out the permission in detail.

@Klaus yes I would like to add policies only in deployment command, in local mode I don't have issues or restrictions with policies just with the roles created with deployment. That part of fn was a little bit confusing for me 😅 still reading documentation but yes it seems to be what I need. The statement are pretty familiar. Thank you so much for your help!