I have programatic access to an aws account and when I try to deploy the a basic function, I get:
User: arn:aws:iam::xxxx:user/myname is not authorized to perform: cloudformation:DescribeStacks on resource: arn:aws:cloudformation:eu-west-1:xxxxxx:stack/hello-world-dev/*
I checked my keys and they are correct, I assume my user does not have cloudformation access.
My question is, is it possible to set the permissions for my user in the yaml file? For example cloudformation full access, lambda full access, etc.
You can find my functiona and yaml file bellow:
handler.js
module.exports.helloWorld = (event, context, callback) => {
const response = {
statusCode: 200,
headers: {
'Access-Control-Allow-Origin': '*', // Required for CORS support to work
},
body: JSON.stringify({
message: 'Go Serverless v1.0! Your function executed successfully!',
input: event,
}),
};
callback(null, response);
};
serverless.yaml
service: hello-world
provider:
name: aws
runtime: nodejs8.10
region: eu-west-1
# iamRoleStatements:
# - Effect: "Allow"
# Action:
# - cloudformation: CreateStack
# - cloudformation: DescribeStacks
# - cloudformation: CreateChangeSet
# - cloudformation: ListStacks
# - cloudformation: UpdateStack
# - cloudformation: DescribeChangeSet
# - cloudformation: ExecuteChangeSet
# - iam: GetRole
# - lambda: UpdateFunctionCode
# - lambda: UpdateFunctionConfig
# - lambda: GetFunctionConfiguration
# - lambda: AddPermission
# - s3: GetObject
# Resource: "*"
# The `functions` block defines what code to deploy
functions:
helloWorld:
handler: handler.helloWorld
# The `events` block defines how to trigger the handler.helloWorld code
events:
- http:
path: hello-world
method: get
cors: true
