Serverless Stack

Hi everyone! I am migrating from the previous <http://Serverless-Stack.com|Serverless-Stack.com> way of doing things (serverless framework) to sst. Previously, I had an iamRoleStatements section of serverless.yml which allowed e.g. the action acm.RequestCertificate. Now I can't figure out how to grant that permission to the new sst way of doing things, so I'm hitting this error:

`AccessDeniedException: User: arn:aws:sts::XXXXXX/dev-my-sst-app-my-stack-ApiLambdaPOSTcreateService-XXXXXX/dev-my-sst-app-my-stack-ApiLambdaPOSTcreateXXXXX is not authorized to perform: acm:RequestCertificate`

Any help gratefully appreciated!

I'm thinking I put it in here. Going to go back to the documentation to try figure it out

Getting somewhere with figuring this out! Think I need to configure the `permissions` key after `runtime`. Just need to figure out the right syntax

```app.setDefaultFunctionProps({
  runtime: "nodejs12.x",
  permissions: ["acm:RequestCertificate"],
});```

This will allow all Lambdas in the app to  have the `acm:RequestCertificate` permission

If you want to grant the permission to a single Lambda or a group of Lambdas (ie. all Lambdas in an API endpoint), let me know and i can share some snippet.

If you look at that blueish line in the console `Press ENTER to redeploy infrastructure`

Let me sit with it for a few minutes and see if I can fix it

I've exited the process and run `npx sst start` again, let me see if that helps

Yeah, lemme know if it’s not working for u.

You can look at the CloudFormation template generated inside `.build/cdk.out` and see if `acm:RequestCertificate` shows up in there

Boom - it's working now after re-running `npx sst start`, thanks so much!

Just to clarify, did you try to press ENTER to redeploy the infrastructure previously and that didn’t work?

oh right.. VS Code isn’t passing key strokes to SST.