iam:CreateRole fails with an explicit deny #3
Assignees
Labels
documentation
Improvements or additions to documentation
Comments
|
Hi Robert, I will include it in the documentation. Also, I will link this Serverless policy generator as well: https://open-sl.github.io/serverless-permission-generator/ , probably that will be enough. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When you deploy the project into an environment that uses AWS permissions boundaries (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) it fails with a role creation error. In my case, Roles could only be created with permissions boundaries applied. Since permissions boundaries are specific to the customer environment, I am not sure if this can be fixed in a generic sense. In my case I was able to fix the problem by setting the rolePermissionsBoundary attribute for the provider in the serverless yaml configuration file:
provider:
...
RolePermissionsBoundary: ....
Maybe it would be a good idea just to mention this in the documentation.
Another suggestion for a documentation enhancement is to mention the AWS permissions needed for this project:
BTW, this is an excellent post. Really enjoyed it.
The text was updated successfully, but these errors were encountered: