search

serverless / desktop

A native GUI application that makes it easy to explore and test Serverless Framework applications built on AWS Lambda.
45 stars 4 forks source link

Broke some IAM permissions? #18

Open DanielWFrancis opened 3 years ago

DanielWFrancis commented 3 years ago

While installing Desktop it had me approve a new cloudstack thingy and now my CircleCI jobs fail when deploying functions:

An error occurred: CustomDashresourceDashapigwDashcwDashroleLambdaFunction - AccessDenied. User doesn't have permission to call iam:GetRole.

This seems not good :(

stevewillard commented 3 years ago

Hi Daniel. First off, thanks for trying out Desktop -- your feedback is greatly appreciated.

Secondly, I'm sorry about the error! I believe I see what is happening. Here's some more context: Desktop asks to create a brand new IAM role, with limited permissions. On our side, we create this role as a Provider. This is the new credential mechanism that our framework uses. It appears that this Provider was incorrectly marked as default, which means that if not specified otherwise, this credential will get used for all deployments.

I went ahead and unset the Desktop Provider as default. So, you should be good to go now.

martinhalford commented 3 years ago

For the record, we had this happen to us too. Our serverless deployments via GitHub Actions stopped working. Debugging found the new IAM role had insufficient permissions.

Very surprised to see that beta Serverless Desktop role being used by our Production deployments!