Generated IAM role does not include all the necessary permissions.
stepFunctions:
stateMachines:
SendEmails:
name: SendEmails
definition:
StartAt: calculateWaitIntervals
States:
calculateWaitIntervals:
Type: Task
Resource:
Fn::GetAtt: [calculateWaitIntervals, Arn]
Next: Wait
Wait:
Type: Wait
Next: SendEmail
Seconds: 60
SendEmail:
Type: Task
End: true
Parameters:
Content:
Simple:
Body:
Text:
Charset: UTF-8
Data: body
Subject:
Charset: UTF-8
Data: " the subject"
Destination:
ToAddresses:
- my@mail.address
FromEmailAddress: my@mail.address
Resource: arn:aws:states:::aws-sdk:sesv2:sendEmail
validate: true
$ sls deploy --stage tst
Running "serverless" from node_modules
Deploying mydata to stage tst (eu-west-1)
Cannot generate IAM policy statement for Task state { Type: 'Task',
End: true,
Parameters:
{ Content: { Simple: { Body: { Text: [Object] }, Subject: { Charset: 'UTF-8', Data: ' the subject' } } },
Destination: { ToAddresses: [ 'my@mail.address' ] },
FromEmailAddress: 'my@mail.address' },
Resource: 'arn:aws:states:::aws-sdk:sesv2:sendEmail' }
✓ State machine "SendEmails" definition is valid
✔ Service deployed to stack mydata-tst (98s)
This is a Bug Report
Description
For bug reports:
Generated IAM role does not include all the necessary permissions.
What did you expect should have happened?
Given that one of the steps is a call to the SES v2 api, I would expect the generated steps execution role to have the permission to invoke this AWS endpoint.
What was the config you used?
here is a snippet of my serverless.yml file:
when deploying the template, this was printed inthe console:
Similar or dependent issues:
Additional Data