I want to assume an IAM role that's already been created in another serverless.yml file. It seems as if using the iam property is the only (?) way to do this for all of the iam functions at once. The source code I've encountered mainly uses iamRoleStatements to apply IAM permissions, but that doesn't seem to be made to actually have the option to assume already created roles.

Secondary question: should I use the ARN of the role or create an export for it from the stack where it's being created?

provider:
  name: aws
  runtime: python3.8
  stage: ${opt:stage, 'dev'}
  region: ${opt:region, 'eu-west-1'}
  iam:
    role: arn:aws:iam::123456789012:role/execution-role
  iamRoleStatements:
    - Effect: Allow
      Action:
        - events:PutEvents
      Resource: arn:aws:events:${self:provider.region}:#{AWS::AccountId}:blablabla-${self:provider.stage}
    - Effect: Allow
      Action:
        - states:SendTaskSuccess
      Resource: arn:aws:states:${self:provider.region}:#{AWS::AccountId}:stateMachine:${self:provider.stage}-blablabla