amazon-web-servicesaws-lambdaserverless-frameworkaws-iot

Serverless Framework is not applying the IAM statements


I have a very simple Lambda function that listens for events on an MQTT topic, and that part is working perfectly. However, the function is not able to publish to another topic, which is not working as expected.

I added the necessary IAM roles and statements in my Serverless Framework configuration. However, when I checked in the AWS Console, I noticed that these roles are not being applied. What did I do wrong?

functions:
  receiver:
    handler: app/receiver/handle.handler
    statements:
      - Effect: Allow
        Action:
          - iot:Publish
        Resource:
          - arn:aws:iot:us-east-1:295119111913:topic/sdk/test/js
    events:
      - iot:
          sql: "SELECT encode(*, 'base64') AS data FROM 'sdk/test/python'"
          sqlVersion: '2016-03-23'

Solution

  • The way you're trying to add statements is not supported by Serverless Framework. If you'd like to add those statements only to a single Lambda function, you will need https://github.com/functionalone/serverless-iam-roles-per-function plugin and use iamRoleStatements property. If you want to add those statements to the default role, you can do it as presented in docs here: https://www.serverless.com/framework/docs/providers/aws/guide/iam#the-default-iam-role