Invalid permissions on Lambda function error
RTiNo1 opened this issue · 0 comments
RTiNo1 commented
I tried to use this plugin to split resources.
There are several functions in the project, but I want to create stacks for the one specific function - generic, which has a lot of resources
Both with default split or custom stacks-map I'm getting 500 internal server error, caused by "Execution failed due to configuration error: Invalid permissions on Lambda function".
Resources that are not grouped work, only those in stacks do not.
I will be very grateful for any advice where the error may be.
serverless.yml
service: "service-name"
frameworkVersion: "=1.61.2"
plugins:
- serverless-webpack
- serverless-offline
- serverless-aws-alias
- serverless-prune-plugin
- serverless-plugin-split-stacks
custom:
currentStage: ${opt:stage, self:provider.stage}
webpack:
webpackConfig: webpack.config.js
includeModules: true
packager: yarn
excludeFiles: src/**/*.test.js
keepOutputDirectory: true
authorizer:
name: authorizer
type: request
identitySource: method.request.header.Cookie
resultTtlInSeconds: 0
environmentVariables:
ALLOWED_ORIGINS:
Fn::Join:
- " "
- ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
NODE_ENV: ${file(./config/${self:custom.currentStage}.yml):environment.NODE_ENV}
splitStacks:
nestedStackCount: 50
perFunction: false
perType: false
perGroupFunction: true
custom: stacks-map.js
provider:
name: aws
runtime: nodejs12.x
apiName: ${file(./config/${self:custom.currentStage}.yml):stackName}
region: eu-west-1
stage: dev
account_id: ${file(./config/${self:custom.currentStage}.yml):provider.account_id}
timeout: 20
versionFunctions: ${file(./config/${self:custom.currentStage}.yml):provider.versionFunctions}
role: ${file(./config/${self:custom.currentStage}.yml):provider.create_role_arn}
vpc: ${file(./config/${self:custom.currentStage}.yml):provider.vpc}
functions:
ping:
handler: src/functions/alert/ping.ping
role: ${file(./config/${self:custom.currentStage}.yml):provider.execution_role_arn}
environment: ${self:custom.environmentVariables}
events:
- http:
path: alert/ping
method: get
cors:
origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
allowCredentials: true
authorizer:
handler: src/functions/authorizer/authorizer.handler
role: ${file(./config/${self:custom.currentStage}.yml):provider.execution_role_arn}
auth:
handler: src/functions/auth/auth.auth
role: ${file(./config/${self:custom.currentStage}.yml):provider.execution_role_arn}
environment: ${self:custom.environmentVariables}
events:
- http:
path: v1/auth
method: post
cors:
origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
allowCredentials: true
- http:
path: v1/auth
method: delete
authorizer: ${self:custom.authorizer}
cors:
origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
allowCredentials: true
cacheControl: "max-age=0, s-maxage=0, proxy-revalidate"
- http:
path: v1/auth
method: get
authorizer: ${self:custom.authorizer}
cors:
origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
allowCredentials: true
authCode:
handler: src/functions/auth/authCode.handler
role: ${file(./config/${self:custom.currentStage}.yml):provider.execution_role_arn}
environment: ${self:custom.environmentVariables}
events:
- http:
path: v1/auth/code/{code}
method: get
cors:
origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
allowCredentials: true
generic:
handler: src/functions/generic/generic.handler
role: ${file(./config/${self:custom.currentStage}.yml):provider.execution_role_arn}
environment: ${self:custom.environmentVariables}
events:
- http:
path: v1/users/{userID}/settings
method: get
authorizer: ${self:custom.authorizer}
cors:
origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
allowCredentials: true
- http:
path: v1/users/{userID}/settings/{settingName}
method: put
authorizer: ${self:custom.authorizer}
cors:
origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
allowCredentials: true
- http:
path: v1/merchants/{userID}/api_credentials
method: post
authorizer: ${self:custom.authorizer}
cors:
origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
allowCredentials: true
- http:
path: v1/merchants/{userID}/api_credentials
method: get
authorizer: ${self:custom.authorizer}
cors:
origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
allowCredentials: true
- http:
path: v1/merchants/{userID}/default_shipping_profile
method: post
authorizer: ${self:custom.authorizer}
cors:
origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
allowCredentials: true
- http:
path: v1/merchants/{userID}/default_shipping_profile
method: get
authorizer: ${self:custom.authorizer}
cors:
origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
allowCredentials: true
- http:
path: v1/merchants/{userID}/price_adjustment
method: post
authorizer: ${self:custom.authorizer}
cors:
origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
allowCredentials: true
- http:
path: v1/merchants/{userID}/price_adjustment
method: get
authorizer: ${self:custom.authorizer}
cors:
origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
allowCredentials: true
package:
individually: true
exclude:
- node_modules/**
- config/*.yml
- README.md
- package.json
- yarn.lock
- src/**/tests/*
- src/**/*.test.js
- .*
- .*/**
stacks-map.js
const EXCLUDE_TRIGGERS = ["Ping", "Auth", "Authorizer", "AuthCode"]
module.exports = (resource, logicalId) => {
if (EXCLUDE_TRIGGERS.some(trigger => logicalId.startsWith(trigger))) {
return false
}
return null
}