serverless-iam-roles-per-function/src/test/funcs-with-iam.json

A Serverless plugin to define IAM Role statements as part of the function definition block

{
  "service": "test-service",
  "provider": {
    "stage": "dev",
    "region": "us-east-1",
    "name": "aws",
    "runtime": "python2.7",
    "iamRoleStatements": [
      {
        "Effect": "Allow",
        "Action": [
          "xray:PutTelemetryRecords",
          "xray:PutTraceSegments"
        ],
        "Resource": "*"
      }
    ]
  },
  "functions": {
    "hello": {
      "handler": "handler.hello",
      "iamRoleStatements": [
        {
          "Effect": "Allow",
          "Action": [
            "dynamodb:GetItem"
          ],
          "Resource": "arn:aws:dynamodb:us-east-1:*:table/test"
        }
      ],
      "events": [],
      "name": "test-python-dev-hello",
      "package": {},
      "vpc": {}
    },
    "helloInherit": {
      "handler": "handler.hello",
      "iamRoleStatements": [
        {
          "Effect": "Allow",
          "Action": [
            "dynamodb:GetItem"
          ],
          "Resource": "arn:aws:dynamodb:us-east-1:*:table/test"
        }
      ],
      "iamRoleStatementsInherit": true,
      "events": [],
      "name": "test-python-dev-hello-inherit",
      "package": {},
      "vpc": {}
    },
    "streamHandler": {
      "handler": "handler.stream",
      "iamRoleStatements": [
        {
          "Effect": "Allow",
          "Action": [
            "dynamodb:GetItem"
          ],
          "Resource": "arn:aws:dynamodb:us-east-1:*:table/test"
        }
      ],
      "events": [
        {"stream": "arn:aws:dynamodb:us-east-1:1234567890:table/test/stream/2017-10-09T19:39:15.151"}
      ],
      "name": "test-python-dev-stream-handler",
      "onError": "arn:aws:sns:us-east-1:1234567890123:lambda-dlq",
      "package": {},
      "vpc": {}
    },
    "sqsHandler": {
      "handler": "handler.sqs",
      "iamRoleStatements": [
        {
          "Effect": "Allow",
          "Action": [
            "dynamodb:GetItem"
          ],
          "Resource": "arn:aws:dynamodb:us-east-1:*:table/test"
        }
      ],
      "events": [
        {"sqs": "arn:aws:sqs:us-east-1:1234567890:MyQueue"},
        {"sqs": {"arn": "arn:aws:sqs:us-east-1:1234567890:MyOtherQueue"}}
      ],
      "name": "test-python-dev-sqs-handler",
      "onError": "arn:aws:sns:us-east-1:1234567890123:lambda-dlq",
      "package": {},
      "vpc": {}
    },
    "helloNoPerFunction": {
      "handler": "handler.hello",
      "events": [],
      "name": "test-python-dev-hello-no-per-function",
      "package": {},
      "vpc": {}
    },
    "helloEmptyIamStatements": {
      "handler": "handler.hello",
      "iamRoleStatements": [],
      "events": [],
      "name": "test-python-dev-hello-empty-iam-statements",
      "package": {},
      "vpc": {
        "securityGroupIds": ["sg-xxxxxx"],
        "subnetIds": ["subnet-xxxx", "subnet-yyyy"]
      }
    },
    "helloPermissionsBoundary": {
      "handler": "handler.permissionsBoundary",
      "iamRoleStatements": [],
      "iamPermissionsBoundary": {
        "Fn::Sub": "arn:aws:iam::xxxxx:policy/your_permissions_boundary_policy"
      },
      "events": [],
      "name": "test-permissions-boundary-hello",
      "package": {}
    }
  },
  "resources": {
    "Resources": {
      "HelloLambdaFunction": {
        "Type": "AWS::Lambda::Function",
        "Properties": {
          "TracingConfig": {
            "Mode": "Active"
          }
        }
      }
    }
  },
  "package": {
    "artifact": "test-service.zip",
    "exclude": [
      "node_modules/**",
      "package-lock.json"
    ],
    "artifactDirectoryName": "serverless/test-service/dev/1517233344526-2018-01-29T13:42:24.526Z"
  },
  "artifact": "test-service.zip"
}