Louis Barclay
07/22/2021, 9:30 PMFrank
role
, so
const fn = new sst.Function(...);
fn.role
Frank
Louis Barclay
07/23/2021, 12:10 PMassumeRolePolicy
in the role for your function. Here's a code snippet of how to change itLouis Barclay
07/23/2021, 12:10 PMimport * as sst from "@serverless-stack/resources";
import * as lambda from "@aws-cdk/aws-lambda";
import { PolicyStatement, Effect, ServicePrincipal } from "@aws-cdk/aws-iam";
export default class Edge extends sst.Stack {
constructor(scope, id, props) {
super(scope, id, props);
const edgeFunction = new sst.Function(this, "MyEdgeFunction2", {
handler: "src/lambda.main",
});
const edgePolicyStatement = new PolicyStatement({
actions: ["sts:AssumeRole"],
effect: Effect.ALLOW,
principals: [
new ServicePrincipal("<http://lambda.amazonaws.com|lambda.amazonaws.com>"),
new ServicePrincipal("<http://edgelambda.amazonaws.com|edgelambda.amazonaws.com>"),
],
});
edgeFunction.node.host.role.assumeRolePolicy.statements = [
edgePolicyStatement,
];
edgeFunction.node.host.environment = {};
const version = new lambda.Version(this, "MyVersion2", {
lambda: edgeFunction,
});
this.addOutputs({
VersionArn: { value: version.functionArn },
});
}
}
Louis Barclay
07/23/2021, 12:11 PMedgePolicyStatement
is defined and then used to set ...assumeRolePolicy.statements
)Frank
Frank