How would I add a custom Trust relationship to the...
# help
l
How would I add a custom Trust relationship to the ServiceRole for my Lambda functions?
f
You can reference the role via `role`, so

```js
const fn = new sst.Function(...);
fn.role
```
And you can look at the IAM Role doc and see if that’s doable - https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html
l
Phew, I figured out how to do this. Turns out 'Trust relationships' are a very confusing concept because they are named differently in different parts of AWS docs. Essentially it's the same as the `assumeRolePolicy` in the role for your function. Here's a code snippet of how to change it:
```js
import * as sst from "@serverless-stack/resources";
import * as lambda from "@aws-cdk/aws-lambda";
import { PolicyStatement, Effect, ServicePrincipal } from "@aws-cdk/aws-iam";

export default class Edge extends sst.Stack {
  constructor(scope, id, props) {
    super(scope, id, props);

    const edgeFunction = new sst.Function(this, "MyEdgeFunction2", {
      handler: "src/lambda.main",
    });

    // Trust policy statement: lets both service principals assume the role
    const edgePolicyStatement = new PolicyStatement({
      actions: ["sts:AssumeRole"],
      effect: Effect.ALLOW,
      principals: [
        new ServicePrincipal("lambda.amazonaws.com"),
        new ServicePrincipal("edgelambda.amazonaws.com"),
      ],
    });

    // Replace the statements of the function role's trust policy
    edgeFunction.node.host.role.assumeRolePolicy.statements = [
      edgePolicyStatement,
    ];

    edgeFunction.node.host.environment = {};

    const version = new lambda.Version(this, "MyVersion2", {
      lambda: edgeFunction,
    });

    this.addOutputs({
      VersionArn: { value: version.functionArn },
    });
  }
}
```

(Refer to the lines where `edgePolicyStatement` is defined and then used to set `...assumeRolePolicy.statements`)
f
@Louis Barclay Thanks for sharing! Dang! That looks super messy.
Let me bump up the priority on Lambda@Edge support https://github.com/serverless-stack/serverless-stack/issues/577