Hi there, I am using appSync and I can see that SS...
# help
m
Hi there, I am using appSync and I can see that SST created an IAM role for me automatically. This IAM role has a trust relationship to appsync.amazonaws.com and permissions to invoke lambda `lambda:InvokeFunction`. Is it possible to specify an existent role instead of creating one?
It is just that our pipeline role currently does not have permission to create IAM roles.
f
Hey @Marcos Sampaio, it’s a work in progress on the CDK side https://github.com/aws/aws-cdk/issues/16225
Btw, is this a blocker for your team?
^ as a side note, whenever u create a new lambda function, CDK also creates an IAM role with trust relationship to lambda.amazonaws.com. Do you also have to override that?
hmm… I don’t know if that’s a common practice.
Usually what ppl do in this case is specify a `--role-arn` when deploying, and CloudFormation will use this role instead of the Pipeline role.