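I am trying to deploy a hello world Lambda function using the Serverless Framework.
But I am getting an error, even though I am not trying to create any role from the code; I am just using an existing role that has all the required permissions.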
An error occurred: EnterpriseLogAccessIamRole - API: iam:CreateRole User: arn:aws:iam::id:user/userid is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::id:role/lambdatest-dev-EnterpriseLogAccessIamRole-5M5Q3LBFTAP4.
Below is my yml file.
service: lambdatest
# app and org for use with dashboard.serverless.com
app: lambdatest-app
org: orgname
provider:
  name: aws
  role: arn:aws:iam::id:role/rolename
  runtime: python3.8
# you can overwrite defaults here
  stage: dev
  region: eu-west-1
# you can add statements to the Lambda function's IAM Role here
# iamRoleStatements:
# - Effect: "Allow"
# Action:
# - "s3:ListBucket"
# Resource: { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ] ] }
# - Effect: "Allow"
# Action:
# - "s3:PutObject"
# Resource:
# rolename:
# Type: AWS::IAM::arn:aws:iam::id:role/rolename
#etc etc
# functions:
# hello:
# role: arn:aws:iam::id:role/rolename
# Fn::Join:
# - ""
# - - "arn:aws:s3:::"
# - "Ref" : "ServerlessDeploymentBucket"
# - "/*"
functions:
  hello:
    handler: handler.hello
Answer 0 (score: 0)
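This means that the user credentials you use to run the framework (the ones configured with $ serverless config credentials) do not have the appropriate IAM permissions.
Make sure the user you are using has the IAMFullAccess resource policy.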
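Added example, not part of the original question or answer: a narrower grant than IAMFullAccess can be derived from the denial message itself, allowing only the denied action on roles whose names start with this stack's prefix. The function names are hypothetical, the sample is the question's error joined onto one line, and the resulting statement covers only the one action shown in that error.

```python
import json
import re

# Constructed sample: the error text from the question, joined onto one line.
SAMPLE_ERROR = (
    "An error occurred: EnterpriseLogAccessIamRole - API: iam:CreateRole "
    "User: arn:aws:iam::id:user/userid is not authorized to perform: "
    "iam:CreateRole on resource: "
    "arn:aws:iam::id:role/lambdatest-dev-EnterpriseLogAccessIamRole-5M5Q3LBFTAP4."
)

# Optional CloudFormation logical ID prefix, then the IAM denial itself.
DENIED = re.compile(
    r"(?:An error occurred: (?P<logical_id>\w+) - .*?)?"
    r"User: (?P<principal>\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+) on resource: (?P<resource>\S+)"
)


def parse_denial(message):
    """Extract logical ID, principal, action and resource from the error."""
    match = DENIED.search(message)
    if match is None:
        raise ValueError("not an IAM authorization failure message")
    fields = match.groupdict()
    fields["resource"] = fields["resource"].rstrip(".")  # sentence full stop
    return fields


def least_privilege_policy(message):
    """Build an IAM policy allowing only the denied action.

    Role names generated as '<stack>-<LogicalId>-<suffix>' are scoped to
    '<stack>-*'; anything else keeps the exact ARN from the error.
    """
    fields = parse_denial(message)
    resource = fields["resource"]
    head, sep, name = resource.partition(":role/")
    cut = name.find(fields["logical_id"]) if sep and fields["logical_id"] else -1
    if cut > 0:
        resource = head + sep + name[:cut] + "*"
    statement = {"Effect": "Allow", "Action": [fields["action"]], "Resource": [resource]}
    return {"Version": "2012-10-17", "Statement": [statement]}


if __name__ == "__main__":
    print(json.dumps(least_privilege_policy(SAMPLE_ERROR), indent=2))
```

A later deploy attempt may report further denied actions; each can be run through the same function and reviewed before it is added to the policy.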