How to resolve require the cfnRole option warning for serverless framework
Serverless framework
is an awesome tool for AWS lambda. For a new project, if you have seen this warning when deploying:
Warned - no cfnRole set:
Require the cfnRole option, which specifies a particular role for CloudFormation to assume while deploying.
It is a typical permission problem, let’s see how to solve it.
1. Open your AWS Console
Find the Roles
section:
- IAM -> Access management -> Roles
Click the Create Role
button
2. Create role
Select type of trusted entity
: AWS ServiceChoose a use case
:CloudFormation
Click the Next:Permission
button at bottom.
3. Attach permissions policies
Select the permissions that you need:
For me they are:
- *
AWSConfigRole
- *
AWSLambdaFullAccess
- *
IAMFullAccess
- *
AmazonAPIGatewayAdministrator
AWSCloudFormationFullAccess
AmazonCognitoPowerUser
The permissions with *
are must-have. Actually, you can fully tweak the IAMFullAccess
, but it lacks information.
Then you can next
to the end.
4. Edit trust relationship
- Click the role you just created, then click
Trust relationships
tab. - Click
Edit trust relationship
button. - You can see a json there, add
"lambda.amazonaws.com"
toStatement.Principal.Service
, make it an array if it is not.
The result looks like this:
1 | { |
5. End
That’s all, hope it helps.
Thanks for reading!
Follow me (albertgao) on twitter, if you want to hear more about my interesting ideas.