Search code examples
amazon-web-servicesserverless-framework

How can I change the role name for provider level `iamRoleStatements`?

I am using serverless framework to deploy lambdas in AWS. Below is my code:

provider:
  name: aws
  ...
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:DescribeTable
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem

with above definition, serverless will generate a role name in this format:

"RoleName": {
          "Fn::Join": [
            "-",
            [
              "staging-hlpos-cqrs-iac-dbStream",
              "staging",
              {
                "Ref": "AWS::Region"
              },
              "lambdaRole"
            ]
          ]
        }

is there a way for me to change the role name while still keep the iamRoleStatements in provider level?

Solution

  • Yes, you can override/extend the CloudFormation resources generated by Serverless Framework using resources.extensions:

    https://www.serverless.com/framework/docs/providers/aws/guide/resources#override-aws-cloudformation-resource

    Pseudo-code:

    resources:
  extensions:
    IamRoleLambdaExecution:
      Properties:
        RoleName: "my-custom-role-name"

    You need to match the logical id generated by Serverless Framework.

    In the page above we have a list of it, but I often run sls package and verify in my output folder (.serverless) the correct logical id