https://serverless-stack.com/ logo
Join Slack
Powered by
> :loudspeaker: Update Run your SST commands wi...
# general
f
📢 Update
Run your SST commands with 
--role-arn
to specify an execution IAM role for CloudFormation to use when creating/updating/deleting your stacks.
t
Nice so can I assume roles into other aws accounts with this?
f
Hey @thdxr, the flag is actually not intended for cross account deployment. The best way for that is to setup IAM roles in ur `~/.aws/credentials`:
Copy code
[default]
 aws_access_key_id = xxxxxxxxxxxxxxxxxxxx
 aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 [prod]
 region = us-east-1
 role_arn = arn:aws:iam::111111111111:role/admin-role
 source_profile = default
t
Cool that's what I'm doing now, makes sense
f
Yeah, let’s say the 
default
profile is for ur 
dev
stage. And your SST app has Apis, Tables, Topics, Queues, Step Functions, etc but you don’t want to give 
default
the permissions to create/update/remove all those resources. So you can create an IAM role that can create/update/remove those resources, and tell CloudFormation to use that role instead ur 
default
profile.
In this case, you would pass the role via 
--role-arn
t
ah ok that makes sense
I have an aws account per human for dev so I haven't had the need to worry about their access
Open in Slack
PreviousNext
Powered by