Ensure Serverless Framework Function Should Not Share IAM Roles

You should refrain from using IAM roles across different Serverless Function services to ensure that each service has the minimum privileges needed to perform the required tasks.
It can help you save time on administration, improve security, reduce service costs, and comply with best practices.
Sharing IAM Role could also cause conflicts or errors if you delete or modify the role for one service and affect another service that depends on it.

Suggest Edits

Risk Level: medium
Platform: AWS Serverless
Spectral Rule ID: SLFW007

REMEDIATION

In function, add role field

functions:
  example:
    handler: handler.example
    onError: arn:aws:sns:us-east-1:XXXXXX:example
    tags:
      foo: bar
+   role: arn:aws:iam::XXXXXX:role/role

https://www.serverless.com/framework/docs/providers/aws/guide/iam/
https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_roles.html

Updated 7 months ago

REMEDIATION

Read more: