npmpackage.info

Gathering detailed insights and metrics for @emilhdiaz/serverless-iam-roles-per-function

@emilhdiaz/serverless-iam-roles-per-function - 1.0.4 | npmpackage.info

@emilhdiaz/serverless-iam-roles-per-function

Serverless Plugin for easily defining IAM roles per function via the use of iamRoleStatements at the function level.

1.0.4

MIT

TypeScript

69.79 kB

1.7

Installations

npm install @emilhdiaz/serverless-iam-roles-per-function

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

>=6.10.0

Node Version

11.10.0

NPM Version

6.7.0 Score

Supply Chain

98.9

Quality

74.8

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

1

Total

2

Closed

0

Merged

1

Issues

Open

0

Total

0

Closed

0

Releases

Unable to fetch releases

Languages

TypeScript

TypeScript (100%)

Developer

emilhdiaz

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

1 Stars

56 Commits

3 Forks

1 Watchers

3 Branches

1 Contributors

Updated on Aug 05, 2020

Maintainers

View All 1 Contributors

Package Meta Information

Latest Version

1.0.4

Package Id

@emilhdiaz/serverless-iam-roles-per-function@1.0.4

Unpacked Size

69.79 kB

Size

14.32 kB

File Count

NPM Version

6.7.0

Node Version

11.10.0

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

lodash

Dev Dependencies

@types/chai @types/lodash @types/mocha @types/node chai coveralls mocha npm-get-version nyc rimraf serverless source-map-support standard-version ts-node tslint typescript

Serverless IAM Roles Per Function Plugin

A Serverless plugin to easily define IAM roles per function via the use of iamRoleStatements at the function definition block.

Installation

npm install --save-dev serverless-iam-roles-per-function

Add the plugin to serverless.yml:

1plugins:
2  - serverless-iam-roles-per-function

Note: Node 6.10 or higher runtime required.

Usage

Define iamRoleStatements definitions at the function level:

1functions:
2  func1:
3    handler: handler.get
4    iamRoleStatementsName: my-custom-role-name #optional custom role name setting instead of the default generated one
5    iamRoleStatements:
6      - Effect: "Allow"        
7        Action:
8          - dynamodb:GetItem        
9        Resource: "arn:aws:dynamodb:${self:provider.region}:*:table/mytable"
10    ...
11  func2:
12    handler: handler.put    
13    iamRoleStatements:
14      - Effect: "Allow"        
15        Action:
16          - dynamodb:PutItem        
17        Resource: "arn:aws:dynamodb:${self:provider.region}:*:table/mytable"
18    ...

The plugin will create a dedicated role for each function that has an iamRoleStatements definition. It will include the permissions for create and write to CloudWatch logs, stream events and if VPC is defined: AWSLambdaVPCAccessExecutionRole will be included (as is done when using iamRoleStatements at the provider level).

if iamRoleStatements are not defined at the function level default behavior is maintained and the function will receive the global iam role. It is possible to define an empty iamRoleStatements for a function and then the function will receive a dedicated role with only the permissions needed for CloudWatch and (if needed) stream events and VPC. Example of defining a function with empty iamRoleStatements and configured VPC. The function will receive a custom role with CloudWatch logs permissions and the policy AWSLambdaVPCAccessExecutionRole:

1functions:
2  func1:
3    handler: handler.get    
4    iamRoleStatements: []
5    vpc:
6      securityGroupIds:
7        - sg-xxxxxx
8      subnetIds:
9        - subnet-xxxx
10        - subnet-xxxxx

By default, function level iamRoleStatements override the provider level definition. It is also possible to inherit the provider level definition by specifying the option iamRoleStatementsInherit: true:

1provider:
2  name: aws
3  iamRoleStatements:
4    - Effect: "Allow"
5      Action:
6        - xray:PutTelemetryRecords
7        - xray:PutTraceSegments
8      Resource: "*"
9  ...
10functions:
11  func1:
12    handler: handler.get
13    iamRoleStatementsInherit: true
14    iamRoleStatements:
15      - Effect: "Allow"        
16        Action:
17          - dynamodb:GetItem        
18        Resource: "arn:aws:dynamodb:${self:provider.region}:*:table/mytable"

The generated role for func1 will contain both the statements defined at the provider level and the ones defined at the function level.

If you wish to change the default behavior to inherit instead of override it is possible to specify the following custom configuration:

1custom:
2  serverless-iam-roles-per-function:
3    defaultInherit: true

Role Names

The plugin uses a naming convention for function roles which is similar to the naming convention used by the Serverless Framework. Function roles are named with the following convention:

<service-name>-<stage>-<function-name>-<region>-lambdaRole

AWS has a 64 character limit on role names. If the default naming exceeds 64 chars the plugin will remove the suffix: -lambdaRole to shorten the name. If it still exceeds 64 chars an error will be thrown containing a message of the form:

auto generated role name for function: ${functionName} is too long (over 64 chars).
Try setting a custom role name using the property: iamRoleStatementsName.

In this case you should set the role name using the property iamRoleStatementsName. For example:

1functions:
2  func1:
3    handler: handler.get
4    iamRoleStatementsName: my-custom-role-name 
5    iamRoleStatements:
6      - Effect: "Allow"        
7        Action:
8          - dynamodb:GetItem        
9        Resource: "arn:aws:dynamodb:${self:provider.region}:*:table/mytable"
10    ...

More Info

Introduction post: Serverless Framework: Defining Per-Function IAM Roles

Note: Serverless Framework provides support for defining custom IAM roles on a per function level through the use of the role property and creating CloudFormation resources, as documented here. This plugin doesn't support defining both the role property and iamRoleStatements at the function level.

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

64 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-rrc9-gqf8-8rwg
Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-h452-7996-h45h
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-qgfr-5hqp-vrw9
Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6
Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9
Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f
Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p
Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv
Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8
Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65
Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh
Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-pc5p-h8pf-mvwp
Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4
Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-g6ww-v8xp-vmwg
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-7xcx-6wjh-7xp2
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp

Score

1.7

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More