Ensure Serverless Framework Function Should Not Share IAM Roles
You should refrain from sharing IAM roles across different Serverless function services, so that each service has only the minimum privileges needed to perform its required tasks.
Giving each service its own role can help you save time on administration, improve security, reduce service costs, and comply with best practices.
Sharing an IAM role could also cause conflicts or errors if you delete or modify the role for one service and thereby affect another service that depends on it.
Risk Level: medium
Platform: AWS Serverless
Spectral Rule ID: SLFW007
REMEDIATION
In the function definition, add the role field:
 functions:
   example:
     handler: handler.example
     onError: arn:aws:sns:us-east-1:XXXXXX:example
     tags:
       foo: bar
+    role: arn:aws:iam::XXXXXX:role/role
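The check below is an added example, not part of the original page and not Spectral's implementation of SLFW007. It walks a parsed serverless.yml and reports functions that have no role field or whose role is also used by another function, which goes one step beyond the remediation shown above. Assumptions: the config is already loaded into a dict (for instance with a YAML parser), the function name find_shared_roles is hypothetical, and the sample config is constructed.

```python
import json
from collections import defaultdict

def role_key(role):
    """Normalise a role value (ARN string, logical resource name, or a
    CloudFormation intrinsic such as {"Fn::GetAtt": [...]}) for comparison."""
    if role is None:
        return None
    return role if isinstance(role, str) else json.dumps(role, sort_keys=True)

def find_shared_roles(config):
    """Return {function_name: reason} for functions without a role of their own."""
    provider = config.get("provider") or {}
    # Service-wide default role: provider.iam.role, or provider.role in older configs.
    default = role_key((provider.get("iam") or {}).get("role") or provider.get("role"))
    by_role = defaultdict(list)
    findings = {}
    for name, fn in (config.get("functions") or {}).items():
        key = role_key((fn or {}).get("role"))
        if key is None:
            findings[name] = "no role field: falls back to the service-wide role"
        else:
            by_role[key].append(name)
    for key, names in by_role.items():
        for name in names:
            others = sorted(n for n in names if n != name)
            if others:
                findings[name] = "role also used by: " + ", ".join(others)
            elif key == default:
                findings[name] = "role is the same as the provider-level role"
    return findings

# Constructed sample: what a YAML parser would return for a serverless.yml.
SAMPLE = {
    "provider": {"name": "aws", "iam": {"role": "arn:aws:iam::XXXXXX:role/default"}},
    "functions": {
        "example": {"handler": "handler.example", "role": "arn:aws:iam::XXXXXX:role/role"},
        "resize": {"handler": "handler.resize", "role": "arn:aws:iam::XXXXXX:role/role"},
        "notify": {"handler": "handler.notify"},
        "report": {"handler": "handler.report", "role": {"Fn::GetAtt": ["ReportRole", "Arn"]}},
    },
}

if __name__ == "__main__":
    for fn_name, reason in sorted(find_shared_roles(SAMPLE).items()):
        print(f"{fn_name}: {reason}")
```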