Ability to create a role with inline policy at upload time #82

Open
boxidau opened this issue Apr 5, 2016 · 4 comments

@boxidau

boxidau commented Apr 5, 2016

I'm wanting to use lambda-uploader for work stuff instead of my personal project boxidau/alpha, however I can't define a lambda function role policy in the config file with lambda-uploader.

Here's my implementation of this
https://github.com/boxidau/alpha/blob/master/alpha.py#L105-L137

and example config:
https://github.com/boxidau/alpha/blob/master/example_project/test-lambda2/lambda.json#L8-L33

Any chance this functionality could make it into lambda-uploader?

@jarosser06
Contributor

I'm going to let other people weigh in here as well. I'm certainly not against the idea but it does start to change the scope of this project a little bit. The original scope was to simply aid in packaging and uploading/updating lambda functions.

It seems this would be a relatively simple change, check the policy class for a str or object and act off of that? Or maybe something a little more explicit with --create-policy and pass a policy document separately. I'm open to ideas on how this might look.

@martinb3
Contributor

martinb3 commented Apr 5, 2016

I wonder if it would be better to use lambda-uploader as an API if you want to do other AWS-ish things in conjunction with it? Combining boto3 and lambda-uploader seems like a reasonable design. Alternately, making it a plugin for the AWS CLI might make sense too.

@boxidau
Author

boxidau commented Apr 5, 2016

From the perspective of a user of lambda-uploader I want to write a lambda function, fire off lambda-uploader and be able to call it immediately. At the moment I need to make sure I use CFN or IAM directly to create a role first that I can later associate to the lambda function with the role param in the config file.

I think once we get to the point of having quite a number of lambda functions to set up on an account it will be much easier to just run one tool allowing each lambda function to define its own role in the lambda.json; it may prevent laziness of just having one very permissive role and associating that with many functions.

To allow for a non-breaking change, the JSON file could have `role`, which works with a pre-existing role, or `policy`, which allows a policy to be created inline on a role just for the given lambda function. Or like you said Rosser, just check for a string or object on the role key. Seems like a more self-contained package.
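A sketch of the non-breaking `role` / `policy` handling proposed in this thread, as an added example (not code from lambda-uploader or boxidau/alpha). The `name` key, the role and policy naming scheme, and the wildcard check are assumptions; `iam` is a boto3 IAM client passed in by the caller.

```python
import json

# Trust policy that lets the Lambda service assume the per-function role.
LAMBDA_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}


def as_list(value):
    """IAM allows a single item or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def too_broad(policy):
    """Return Allow statements that grant every action on every resource."""
    return [s for s in as_list(policy.get("Statement", []))
            if s.get("Effect") == "Allow"
            and "*" in as_list(s.get("Action", []))
            and "*" in as_list(s.get("Resource", []))]


def resolve_role(config, iam):
    """Return the role ARN for one function config (hypothetical schema).

    `role` (string) is a pre-existing role ARN and is returned unchanged.
    `policy` (object) is attached inline to a role created for this function.
    """
    role, policy = config.get("role"), config.get("policy")
    if isinstance(role, str) and policy is None:
        return role
    if not isinstance(policy, dict) or role is not None:
        raise ValueError("set exactly one of 'role' (string) or 'policy' (object)")
    if too_broad(policy):  # assumed guard against one very permissive policy
        raise ValueError("inline policy allows Action '*' on Resource '*'")
    role_name = "%s-role" % config["name"]  # constructed naming scheme
    created = iam.create_role(
        RoleName=role_name,
        AssumeRolePolicyDocument=json.dumps(LAMBDA_TRUST))
    iam.put_role_policy(
        RoleName=role_name,
        PolicyName="%s-inline" % config["name"],
        PolicyDocument=json.dumps(policy))
    return created["Role"]["Arn"]
```

A newly created IAM role can take a few seconds to propagate, so the function creation that follows may need a short retry before Lambda can assume it.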

@jarosser06
Contributor

I discussed this with @boxidau offline. I want to leave this issue open and allow for people to weigh in. I am open to a PR demonstrating this functionality and understand that this does expand the scope of the lambda-uploader a bit.
