serverless-nextjs/serverless-next.js

roleArn doesn't work. serverless nextjs creates IAM role every time when deploying

Open

#1698 opened on Sep 16, 2021

View on GitHub
 (12 comments) (1 reaction) (0 assignees)TypeScript (3,998 stars) (447 forks)batch import
buggood first issue

Description

Issue Summary

I specify roleArn inside serverless.yml like below. However, somehow, serverless nextjs always create IAM role.

  • serverless.yml
myApp:
  component: "@sls-next/serverless-component@1.19.0-alpha.27"
  inputs: 
    roleArn: 'roleArn: "arn:aws:iam::123456789012:role/MyCustomLambdaRole"'
    :

Actual behavior

Serveless nextjs creates IAM role every time when deploying.

Expected behavior

Serveless nextjs doesn't create IAM role, just uses the IAM role I specify inside serverless.yml.

Steps to reproduce

  1. Specify IAM role inside serverless.yml
  2. Deploy

Screenshots/Code/Configuration/Logs

Nothing.

Versions

  • OS/Environment: on Github Actions
  • @sls-next/serverless-component version: @sls-next/serverless-component@1.19.0-alpha.27
  • Next.js version: 10.0.1

Additional context

The content of IAM roles serverless nextjs always creates is this.

  • Inline policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Resource": "*",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ]
        },
        {
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::hogehoge/*",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ]
        }
    ]
}
  • Trust relations
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "lambda.amazonaws.com",
          "edgelambda.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Checklist

  • You have reviewed the README and FAQs, which answers several common questions.
  • You have reviewed our DEBUGGING wiki and have tried your best to include complete information and reproduction steps (including your configuration) as is possible.
  • You have first tried using the most recent latest or alpha @sls-next/serverless-component release version, which may have already fixed your issue or implemented the feature you are trying to use. Note that the old serverless-next.js component and the serverless-next.js plugin are deprecated and no longer maintained.

Contributor guide

Tech stack
typescriptnodejsaws
Domain
backenddevopsinfrastructurecloud
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-2 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
AWS IAMServerless FrameworkTypeScriptNext.js serverless component
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
45
Research direction
Investigate the serverless component's IAM role creation logic in the source code (likely in packages/serverless component). Check if the roleArn input is properly passed through to the AWS CloudFormation template and if there is a condition that skips role creation when roleArn is provided. Review the issue comments for any additional context or proposed solutions. Consider testing by deploying with a minimal configuration to isolate the behavior.