This option allows redefining how IAM protects each stage. This is particularly useful for the following scheme:
Two IAM Terraform stacks, one of stage nonprod and one of stage production.
Multiple Serverless apps, created by pull requests, of stage nonprod-pr-* (e.g. nonprod-pr-123).
A single production Serverless app of stage production.
Wildcarding stage to be nonprod-* in the nonprod module invocation allows the CI role to create dynamic Serverless deployments without the elevated privileges needed to define and edit IAM. The nonprod prefix also prevents these dynamic environments from accessing production Serverless in any way.
Verified that logs, invocation, and X-Ray function as expected with the following updated branch in our AWS account: https://github.com/FormidableLabs/aws-lambda-serverless-reference/tree/feature/custom-lambda-role
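A way to check which stage names a wildcard such as `nonprod-*` covers before applying it, as an added example that is not part of the original pull request or the module's own code. The matcher is a simplified model of IAM's `*` and `?` wildcards, and the account id, region, service name and `<service>-<stage>` stack naming are constructed assumptions.

```python
import re


def iam_match(pattern: str, value: str) -> bool:
    """Simplified IAM-style wildcard match: '*' is any run of characters
    (including none), '?' is exactly one character, all else is literal."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def stack_arn(service: str, stage: str) -> str:
    # Constructed ARN: region, account id and stack id suffix are placeholders.
    return (
        "arn:aws:cloudformation:us-east-1:123456789012:"
        f"stack/{service}-{stage}/00000000-example"
    )


def resource_pattern(service: str, stage_pattern: str) -> str:
    # Assumed shape of a policy Resource entry scoped by stage.
    return f"arn:aws:cloudformation:*:*:stack/{service}-{stage_pattern}/*"


def allowed_stages(stage_pattern, candidate_stages, service="sls-example"):
    """Return the candidate stages whose stack ARN the pattern would cover."""
    pattern = resource_pattern(service, stage_pattern)
    return [
        stage for stage in candidate_stages
        if iam_match(pattern, stack_arn(service, stage))
    ]


# Constructed stage names following the scheme described above.
STAGES = ["nonprod", "nonprod-pr-123", "nonprod-pr-7",
          "production", "production-hotfix"]

if __name__ == "__main__":
    for candidate in ("nonprod-*", "nonprod*", "production", "*"):
        print(f"{candidate!r:14} -> {allowed_stages(candidate, STAGES)}")
```

A looser pattern such as `*` covers `production` as well, which is why the stage prefix has to be part of the wildcard.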