Configure default role to include edgelambda

This patch configures a default lambda role matching what SAM provides in the default role except it also adds edgelambda in the trusted relationships so that there is no need to perform an additional manual step after the fact to include it. Closes: #3 Signed-off-by: Thanh Ha <zxiiro@gmail.com>
2025-10-31 00:12:56 +01:00 · 2021-01-19 18:34:39 -05:00
parent 558ab482d9
commit e4c2ba87ee
2 changed files with 28 additions and 26 deletions
--- a/sam.yaml
+++ b/sam.yaml
@@ -13,6 +13,31 @@ Resources:
      Handler: index.handler
      Runtime: nodejs10.x
      Description: 'Standard Redirects for CloudFront by Digital Sailors via the Serverless Application Repository.'
+      Role: !GetAtt LambdaRole.Arn
      MemorySize: 128
      Timeout: 3
      AutoPublishAlias: 'CurrentProd'
+
+  LambdaRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          Effect: Allow
+          Principal:
+            Service:
+              - lambda.amazonaws.com
+              - edgelambda.amazonaws.com
+          Action: sts:AssumeRole
+      Policies:
+        - PolicyName: edgelambda-policy
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Effect: Allow
+                Action:
+                  - logs:CreateLogGroup
+                  - logs:CreateLogStream
+                  - logs:PutLogEvents
+                Resource: '*'