If no role is provided, we should provide an option to create one automatically. This needs to include the AWSLambdaBasicExecutionRole policy by default.
Other policies could be configured. A possible configuration schema might look like this:
role:
name: lambda-role
create: true
policies:
- name: AWSLambdaDynamoDBExecutionRole
- arn: arn:aws:iam::aws:policy/AmazonS3FullAccess
- inline: |
{
...
}(create: false would be the default, and would throw an error if the role does not exist.)
If no role is provided, we should provide an option to create one automatically. This needs to include the
AWSLambdaBasicExecutionRolepolicy by default.Other policies could be configured. A possible configuration schema might look like this:
(
create: falsewould be the default, and would throw an error if the role does not exist.)