functionalone/serverless-iam-roles-per-function

SQS event + fn iamRoleStatements breaks sqs event required roles

enapupe opened this issue · 0 comments

(sorry, wanted to be more extensive but I'm in a rush)

It seems using this plugin together with serverless event/sqs will break event/sqs because the function will not receive the required roles to Receive/Delete message:

CloudFormation - CREATE_FAILED - AWS::Lambda::EventSourceMapping - somenameEventSourceMappingSQSSomefn

Serverless: Operation failed!
 An error occurred:
somenameEventSourceMappingSQSomefn - The provided execution role does not have permissions to call DeleteMessage on SQS (Service: AWSLambda; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: a4241910-6139-11e9-9650-af67fae496c2).

I got it working again after adding:

iamRoleStatements:
    - Effect: 'Allow'
      Action:
        - 'sqs:*'
      Resource: 'arn of the sqs event used in this fn'

to all functions that have

events:
    - sqs:
    [...]

Unless this issue is specific to the SQS event, I'd guess this would happen to any other kind of event that requires special roles that aren't being set anymore because of how this plugin overrides them.
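Added example, not part of the original issue and not the plugin's own code: a small lint over a parsed serverless.yml object that reports functions whose per-function iamRoleStatements do not allow the three actions Lambda needs to poll the queue (sqs:ReceiveMessage, sqs:DeleteMessage, sqs:GetQueueAttributes), and flags wildcard grants such as 'sqs:*' that allow more than those three. The function names, the sample config and the queue ARN are constructed for illustration.

```javascript
// Added example (not from the plugin): lint a parsed serverless.yml object.
// Actions Lambda needs on a queue before an SQS event source mapping can be created.
const REQUIRED = ['sqs:ReceiveMessage', 'sqs:DeleteMessage', 'sqs:GetQueueAttributes'];

const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM-style wildcard match ('*' and '?'); pass 'i' for action names.
function iamMatch(pattern, value, flags = '') {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp(`^${re}$`, flags).test(value);
}

// Resource vs queue ARN: wildcard match for strings, structural equality for
// intrinsics such as { 'Fn::GetAtt': [...] }.
function coversQueue(resource, arn) {
  if (typeof resource === 'string' && typeof arn === 'string') return iamMatch(resource, arn);
  return resource === '*' || JSON.stringify(resource) === JSON.stringify(arn);
}

function lintSqsRoles(config) {
  const findings = [];
  for (const [fn, def] of Object.entries(config.functions || {})) {
    // Assumption: a function without its own statements keeps the shared default role.
    if (!def.iamRoleStatements) continue;
    const allows = def.iamRoleStatements.filter((s) => s.Effect === 'Allow');
    for (const ev of asList(def.events).filter((e) => e.sqs)) {
      // serverless accepts `sqs: <arn>` or `sqs: { arn: <arn>, ... }`
      const arn = ev.sqs.arn === undefined ? ev.sqs : ev.sqs.arn;
      const actions = allows
        .filter((s) => asList(s.Resource).some((r) => coversQueue(r, arn)))
        .flatMap((s) => asList(s.Action));
      const missing = REQUIRED.filter((a) => !actions.some((p) => iamMatch(p, a, 'i')));
      const wildcard = actions.filter((p) => p.includes('*') && REQUIRED.some((a) => iamMatch(p, a, 'i')));
      if (missing.length) findings.push({ fn, issue: 'missing', actions: missing });
      if (wildcard.length) findings.push({ fn, issue: 'wildcard', actions: wildcard });
    }
  }
  return findings;
}

// Constructed sample: three functions consuming the same constructed queue.
const ARN = 'arn:aws:sqs:us-east-1:123456789012:jobs';
const sample = { functions: {
  narrow: { events: [{ sqs: ARN }], iamRoleStatements: [{ Effect: 'Allow', Action: REQUIRED, Resource: ARN }] },
  noSqs: { events: [{ sqs: { arn: ARN } }], iamRoleStatements: [{ Effect: 'Allow', Action: 'dynamodb:GetItem', Resource: '*' }] },
  wide: { events: [{ sqs: ARN }], iamRoleStatements: [{ Effect: 'Allow', Action: 'sqs:*', Resource: ARN }] },
} };
console.log(lintSqsRoles(sample));
```

The `narrow` entry in the sample shows the statement that satisfies the event source mapping without granting every SQS action.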