SQS event + fn iamRoleStatements breaks sqs event required roles
enapupe opened this issue · 0 comments
enapupe commented
(sorry, wanted to be more extensive but on a rush)
It seems using this plugin together with serverless event/sqs will break event/sqs because the function will not receive the required roles to Receive/Delete message:
CloudFormation - CREATE_FAILED - AWS::Lambda::EventSourceMapping - somenameEventSourceMappingSQSSomefn
Serverless: Operation failed!
An error occurred:
somenameEventSourceMappingSQSomefn - The provided execution role does not have permissions to call DeleteMessage on SQS (Service: AWSLambda; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: a4241910-6139-11e9-9650-af67fae496c2).
I got it working again after adding:
iamRoleStatements:
- Effect: 'Allow'
Action:
- 'sqs:*'
Resource: 'arn of the sqs event used in this fn'
to all functions that have
events:
- sqs:
[...]
Unless this issue is specific to SQS event, I'd guess this would happen to any other kind of event that requires special roles that aren't being set anymore because of how this plugin overrides them