Description
Hi,
I'm using agiledigital/serverless-sns-sqs-lambda and it works great, but I had an issue while using it with the serverless-iam-roles-per-function plugin and I didn't find any information about it.
Before, we were using the snssqs plugin within already created serverless projects that had the permissions defined globally, so every function inherited all the defined permissions. That's not a great pattern, I know :-|.
I took the opportunity of a fresh new project to finally use the serverless-iam-roles-per-function plugin, so that every function has the minimal permissions.
And so I found the error while deploying my project, and I will try to describe what happened:
First attempt:
- Current Conditions:
  - The lambda was not previously created on my AWS account.
  - The lambda has an iamRoleStatements definition.
- Deploy Results:
  - Deploy error. Resource handler returned message: "Invalid request provided: The provided execution role does not have permissions to call ReceiveMessage on SQS (Service: Lambda, Status Code: 400, HandlerErrorCode: InvalidRequest)"

Second attempt:
- Current Conditions:
  - The lambda was not previously created on my AWS account.
  - I removed the iamRoleStatements definition.
- Deploy Results:
  - No deploy error, so the lambda was created with the snsSqs subscription.

Third attempt:
- Current Conditions:
  - The lambda already exists from the second attempt.
  - I added the iamRoleStatements definition.
- Deploy Results:
  - No deploy error, so the lambda maintains its snssqs subscription and has the role per function.

I found a workaround, but it would be nice to fix it or to add this information to help troubleshoot it.
Thanks in advance.
Carlos ;-)