Bug report
Issue
Generated step functions roles are ignoring the path defined under provider.iam.role.path.
How to reproduce
- Create a serverless.yml with lambdas and step functions
- Set provider.iam.role.path: /teamA/ to streamline access management
- Deploy CloudFormation stack
- Engineers outside teamA cannot update CloudFormation stack.
Lambda IAM role is generated with path:
"IamRoleLambdaExecution": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      ...
    },
    "Policies": [
      ...
    ],
    "Path": "/teamA/",
    "RoleName": "...",
    "ManagedPolicyArns": []
  }
}
Step function role is generated without path:
{
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "events.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    },
    "Policies": [
      {
        "PolicyName": "some-name",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "states:StartExecution"
              ],
              "Resource": {
                "Ref": "some-ref"
              }
            }
          ]
        }
      }
    ]
  }
}
The fix likely is in updating the IAM role templates e.g. here, here, etc.
What are your thoughts? Would that be a breaking change?
Thank you for this great plugin!
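
A pre-deploy check for the gap reported above, added here as an example and not taken from the issue or the plugin: it walks a compiled CloudFormation template and lists every AWS::IAM::Role whose Path is absent or differs from the value set under provider.iam.role.path. The function name `auditRolePaths`, the logical ID `ExampleEventsToStepFunctionsRole` and the sample template are assumptions constructed for illustration.

```javascript
// Added example: flag IAM roles in a compiled template that do not carry
// the path configured under provider.iam.role.path.

// IAM places a role under "/" when no Path property is given.
const IAM_DEFAULT_PATH = '/';

function auditRolePaths(template, expectedPath) {
  const findings = [];
  for (const [logicalId, resource] of Object.entries(template.Resources || {})) {
    if (!resource || resource.Type !== 'AWS::IAM::Role') continue;
    const path = (resource.Properties || {}).Path;
    if (path === undefined) {
      findings.push({ logicalId, status: 'missing', effectivePath: IAM_DEFAULT_PATH });
    } else if (typeof path !== 'string') {
      // Intrinsic function (Ref, Fn::Sub, ...): cannot be compared statically.
      findings.push({ logicalId, status: 'unresolved', effectivePath: null });
    } else if (path !== expectedPath) {
      findings.push({ logicalId, status: 'mismatch', effectivePath: path });
    }
  }
  return findings;
}

// Constructed sample shaped like the two roles shown in the report.
// "ExampleEventsToStepFunctionsRole" is a hypothetical logical ID.
const sampleTemplate = {
  Resources: {
    IamRoleLambdaExecution: {
      Type: 'AWS::IAM::Role',
      Properties: { Path: '/teamA/', ManagedPolicyArns: [] },
    },
    ExampleEventsToStepFunctionsRole: {
      Type: 'AWS::IAM::Role',
      Properties: {
        AssumeRolePolicyDocument: {
          Version: '2012-10-17',
          Statement: [{ Effect: 'Allow', Principal: { Service: 'events.amazonaws.com' }, Action: 'sts:AssumeRole' }],
        },
      },
    },
    ExampleBucket: { Type: 'AWS::S3::Bucket' },
  },
};

console.log(JSON.stringify(auditRolePaths(sampleTemplate, '/teamA/'), null, 2));
```

Run against the packaged template before deploying, a non-empty result marks roles that would be created outside the configured path.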