我试图使用serverless框架部署一个hello world lambda函数。
但是我得到了下面的错误,即使我没有试图从我的代码中创建任何角色,我只是使用一个现有的角色,它有所有需要的权限。
An error occurred: EnterpriseLogAccessIamRole - API: iam:CreateRole User: arn:
aws:iam::id:user/userid is not authorized to perform: iam:Create
Role on resource: arn:aws:iam::id:role/lambdatest-dev-EnterpriseLogAcc
essIamRole-5M5Q3LBFTAP4.
下面是我的yml文件。
service: lambdatest
# app and org for use with dashboard.serverless.com
app: lambdatest-app
org: orgname
provider:
name: aws
role: arn:aws:iam::id:role/rolename
runtime: python3.8
# you can overwrite defaults here
stage: dev
region: eu-west-1
# you can add statements to the Lambda function's IAM Role here
# iamRoleStatements:
# - Effect: "Allow"
# Action:
# - "s3:ListBucket"
# Resource: { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ] ] }
# - Effect: "Allow"
# Action:
# - "s3:PutObject"
# Resource:
# rolename:
# Type: AWS::IAM::arn:aws:iam::id:role/rolename
#etc etc
# functions:
# hello:
# role: arn:aws:iam::id:role/rolename
# Fn::Join:
# - ""
# - - "arn:aws:s3:::"
# - "Ref" : "ServerlessDeploymentBucket"
# - "/*"
functions:
hello:
handler: handler.hello
这意味着你用来运行框架的用户凭证(你用 $ serverless config credentials)没有正确的IAM权限。
确保你所使用的用户拥有 IAMFullAccess 资源政策;