serverless-nextjs/serverless-next.js

roleArn doesn't work. serverless nextjs creates IAM role every time when deploying

Open

Aperta il 16 set 2021

Vedi su GitHub
 (12 commenti) (1 reazione) (0 assegnatari)TypeScript (3998 star) (447 fork)batch import
buggood first issue

Descrizione

Issue Summary

I specify roleArn inside serverless.yml like below. However, somehow, serverless nextjs always create IAM role.

  • serverless.yml
myApp:
  component: "@sls-next/serverless-component@1.19.0-alpha.27"
  inputs: 
    roleArn: 'roleArn: "arn:aws:iam::123456789012:role/MyCustomLambdaRole"'
    :

Actual behavior

Serveless nextjs creates IAM role every time when deploying.

Expected behavior

Serveless nextjs doesn't create IAM role, just uses the IAM role I specify inside serverless.yml.

Steps to reproduce

  1. Specify IAM role inside serverless.yml
  2. Deploy

Screenshots/Code/Configuration/Logs

Nothing.

Versions

  • OS/Environment: on Github Actions
  • @sls-next/serverless-component version: @sls-next/serverless-component@1.19.0-alpha.27
  • Next.js version: 10.0.1

Additional context

The content of IAM roles serverless nextjs always creates is this.

  • Inline policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Resource": "*",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ]
        },
        {
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::hogehoge/*",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ]
        }
    ]
}
  • Trust relations
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "lambda.amazonaws.com",
          "edgelambda.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Checklist

  • You have reviewed the README and FAQs, which answers several common questions.
  • You have reviewed our DEBUGGING wiki and have tried your best to include complete information and reproduction steps (including your configuration) as is possible.
  • You have first tried using the most recent latest or alpha @sls-next/serverless-component release version, which may have already fixed your issue or implemented the feature you are trying to use. Note that the old serverless-next.js component and the serverless-next.js plugin are deprecated and no longer maintained.

Guida contributor

Tech stack
typescriptnodejsaws
Dominio
backenddevopsinfrastructurecloud
Tipo issue
bug
DifficoltàQuanto dovrebbe essere impegnativa per un nuovo contributor.
3
Tempo stimatoTempo stimato per completare e verificare uno scope piccolo.
1-2 days
Stato attivitàQuanto è probabile che la issue sia ancora attiva e reviewable.
stale
ChiarezzaQuanto chiaramente la issue descrive problema, scope e risultato atteso.
clear
Prerequisiti
AWS IAMServerless FrameworkTypeScriptNext.js serverless component
Adatta ai principiantiQuanto la issue è adatta a contributor alla prima esperienza.
45
Direzione di ricerca
Investigate the serverless component's IAM role creation logic in the source code (likely in packages/serverless component). Check if the roleArn input is properly passed through to the AWS CloudFormation template and if there is a condition that skips role creation when roleArn is provided. Review the issue comments for any additional context or proposed solutions. Consider testing by deploying with a minimal configuration to isolate the behavior.