Skip to content
This repository has been archived by the owner on Apr 16, 2022. It is now read-only.

Role property for AWS::Serverless::Function reports as invalid #206

Open
aap69 opened this issue Oct 31, 2018 · 4 comments
Open

Role property for AWS::Serverless::Function reports as invalid #206

aap69 opened this issue Oct 31, 2018 · 4 comments
Labels
accepting-patch bug

Comments

@aap69
Copy link

aap69 commented Oct 31, 2018

When linting an AWS SAM output file, we get this error:

Error: No such property type AWS::Serverless::Function.#Role

Resource definition:

RegisterErrorLambdaFunction:
DependsOn: RegisterErrorStackLogGroup
Properties:
CodeUri: s3://tri-deploy/lambda/api-register/1e0866c6ab4fafa3e64718bc35a3cef2
Environment:
Variables:
ALERT_SNS_TOPIC:
Ref: RegisterAlertSnsTopic
LOG_LEVEL:
Ref: logLevel
Handler: Lambda-DeviceRegistration-ErrorEndState::Lambda_DeviceRegistration_ErrorEndState.ErrorStateFunction::FunctionHandler
Policies:
- Statement:
- Action:
- sns:Publish
Effect: Allow
Resource:
Fn::Sub: arn:aws:sns:${AWS::Region}:${AWS::AccountId}:${RegisterAlertSnsTopic.TopicName}
Runtime: dotnetcore2.1
Timeout: 300
Type: AWS::Serverless::Function

Property Role is a valid property
@martysweet
Copy link
Owner

Hi @aap69, could you pop that in a code block?

Looks like this is due to the new SAM support @RazzM13. @aap69, I assume you are not defining a role and letting the SAM framework do it for you?

@RazzM13
Copy link
Contributor

RazzM13 commented Oct 31, 2018

Hey @martysweet, I'm having a look at it now.

@RazzM13
Copy link
Contributor

RazzM13 commented Oct 31, 2018

Hello @aap69, could you please provide a full template sample, preferably within a code block, as I have attempted to reproduce this issue by cleaning up your example a bit and I ended up with:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Issue 206
Parameters:
  logLevel:
    Type: string
    Default: someLogLevel

Resources:
  RegisterAlertSnsTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: someTopicName

  RegisterErrorStackLogGroup:
    Type: AWS::Logs::LogGroup

  RegisterErrorLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      # Role: arn:aws:iam::123456789012:role/S3Access
      CodeUri: s3://some-example/lambda/api-register/ffffffffffffffffffffffffffffffff
      Environment:
        Variables:
          ALERT_SNS_TOPIC:
            Ref: RegisterAlertSnsTopic
          LOG_LEVEL:
            Ref: logLevel
      Handler: Lambda-DeviceRegistration-ErrorEndState::Lambda_DeviceRegistration_ErrorEndState.ErrorStateFunction::FunctionHandler
      # Policies:
      #   - Statement:
      #     -
      #       Action:
      #         - sns:Publish
      #       Effect: Allow
      #       Resource:
      #         Fn::Sub: arn:aws:sns:${AWS::Region}:${AWS::AccountId}:${RegisterAlertSnsTopic.TopicName}
      Runtime: dotnetcore2.1
      Timeout: 300
    DependsOn: RegisterErrorStackLogGroup

Unfortunately, the above does not trigger the issue you described however, it does reflect another issue in regards to the handling of the Policies property and we should probably open up a separate issue about that.

I have tried even inserting a Role myself within the definition however that did not work either and, apparently, that property is not supported by SAM Globals so even though I'm 100% sure that the issue is valid, without a full template sample, I can't easily figure out where it's coming from...

@RazzM13
Copy link
Contributor

RazzM13 commented Oct 31, 2018

In regards to the handling of the Policies property, just opened #207.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
accepting-patch bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@martysweet @aap69 @RazzM13