You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have searched existing issues, it hasn't been reported yet
Issue description
If I have two lambda functions, each consuming from a separate SQS queue, the resulting IAM role has the SQS section defined as so: { "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes" ], "Resource": [ "arn:aws:sqs:ca-central-1:864919514680:test-queue-1" ] }, { "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes" ], "Resource": [ { "Fn::GetAtt": [ "TestQueue2", "Arn" ] } ] }
Instead, it should be defined as this: { "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes" ], "Resource": [ "arn:aws:sqs:ca-central-1:864919514680:test-queue-1", { "Fn::GetAtt": [ "TestQueue2", "Arn" ] } ] }
I've found that the first option makes the role hit the 10,644 character limit too quickly for no apparent reason, while the second still seems fine for the time being.
The change I've patched to prevent this just moves the PolicyDocument update for SQS in lib/plugins/aws/package/compile/events/sqs.js outside the loop of all functions; I'm fine pushing that up, but let me know if there's a more desired approach for this.
Are you certain it's a bug?
Is the issue caused by a plugin?
Are you using the latest v3 release?
Is there an existing issue for this?
Issue description
If I have two lambda functions, each consuming from a separate SQS queue, the resulting IAM role has the SQS section defined as so:
{ "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes" ], "Resource": [ "arn:aws:sqs:ca-central-1:864919514680:test-queue-1" ] }, { "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes" ], "Resource": [ { "Fn::GetAtt": [ "TestQueue2", "Arn" ] } ] }
Instead, it should be defined as this:
{ "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes" ], "Resource": [ "arn:aws:sqs:ca-central-1:864919514680:test-queue-1", { "Fn::GetAtt": [ "TestQueue2", "Arn" ] } ] }
I've found that the first option makes the role hit the 10,644 character limit too quickly for no apparent reason, while the second still seems fine for the time being.
The change I've patched to prevent this just moves the PolicyDocument update for SQS in
lib/plugins/aws/package/compile/events/sqs.js
outside the loop of all functions; I'm fine pushing that up, but let me know if there's a more desired approach for this.Service configuration (serverless.yml) content
Command name and used flags
serverless package
Command output
Environment information
The text was updated successfully, but these errors were encountered: