refactor: Ensure use of modern iam.role syntax

serverless · Nov 10, 2021 · 156bfae · 156bfae
1 parent 3c8a2e3
commit 156bfae
Show file tree

Hide file tree

Showing 26 changed files with 293 additions and 246 deletions.
diff --git a/aws-ffmpeg-layer/serverless.yml b/aws-ffmpeg-layer/serverless.yml
@@ -1,5 +1,5 @@
 service: gifmaker
-frameworkVersion: ">=1.34.0 <2.0.0"
+frameworkVersion: ">=2.24.0"
 
 provider:
   name: aws

diff --git a/aws-golang-dynamo-stream-to-elasticsearch/serverless.yml b/aws-golang-dynamo-stream-to-elasticsearch/serverless.yml
@@ -6,33 +6,34 @@ provider:
   environment:
     ELASTICSEARCH_URL:
       Fn::GetAtt: ["PuppySearch", "DomainEndpoint"]
-
-  iamRoleStatements:
-    - Effect: Allow
-      Action:
-        - 'dynamodb:ListTables'
-        - 'dynamodb:DescribeTable'
-        - 'dynamodb:DescribeStream'
-        - 'dynamodb:ListStreams'
-        - 'dynamodb:GetShardIterator'
-        - 'dynamodb:BatchGetItem'
-        - 'dynamodb:GetItem'
-        - 'dynamodb:Query'
-        - 'dynamodb:Scan'
-        - 'dynamodb:DescribeReservedCapacity'
-        - 'dynamodb:DescribeReservedCapacityOfferings'
-        - 'dynamodb:GetRecords'
-      Resource:
-        - { "Fn::GetAtt": ["PuppyDemo", "Arn"] }
-    - Effect: Allow
-      Action:
-        - es:ESHttpPost
-        - es:ESHttpPut
-        - es:ESHttpDelete
-        - es:ESHttpGet
-      Resource:
-        - { "Fn::GetAtt": ["PuppySearch", "DomainArn"] }
-        - { "Fn::Join": ["", ["Fn::GetAtt": ["PuppySearch", "DomainArn"], "/*"]] }
+  iam:
+    role:
+      statements:
+        - Effect: Allow
+          Action:
+            - 'dynamodb:ListTables'
+            - 'dynamodb:DescribeTable'
+            - 'dynamodb:DescribeStream'
+            - 'dynamodb:ListStreams'
+            - 'dynamodb:GetShardIterator'
+            - 'dynamodb:BatchGetItem'
+            - 'dynamodb:GetItem'
+            - 'dynamodb:Query'
+            - 'dynamodb:Scan'
+            - 'dynamodb:DescribeReservedCapacity'
+            - 'dynamodb:DescribeReservedCapacityOfferings'
+            - 'dynamodb:GetRecords'
+          Resource:
+            - { "Fn::GetAtt": ["PuppyDemo", "Arn"] }
+        - Effect: Allow
+          Action:
+            - es:ESHttpPost
+            - es:ESHttpPut
+            - es:ESHttpDelete
+            - es:ESHttpGet
+          Resource:
+            - { "Fn::GetAtt": ["PuppySearch", "DomainArn"] }
+            - { "Fn::Join": ["", ["Fn::GetAtt": ["PuppySearch", "DomainArn"], "/*"]] }
 
 package:
   exclude:

diff --git a/aws-golang-googlemap/serverless.yml b/aws-golang-googlemap/serverless.yml
@@ -16,7 +16,7 @@ service: gomapservice # NOTE: update this with your service name
 # You can pin your service to only deploy with a specific Serverless version
 # Check out our docs for more details
 # frameworkVersion: "=X.X.X"
-frameworkVersion: ">=1.28.0 <2.0.0"
+frameworkVersion: ">=2.24.0"
 
 provider:
   name: aws
@@ -29,20 +29,22 @@ provider:
   region: ap-southeast-1
 
 # you can add statements to the Lambda function's IAM Role here
-#  iamRoleStatements:
-#    - Effect: "Allow"
-#      Action:
-#        - "s3:ListBucket"
-#      Resource: { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ] ]  }
-#    - Effect: "Allow"
-#      Action:
-#        - "s3:PutObject"
-#      Resource:
-#        Fn::Join:
-#          - ""
-#          - - "arn:aws:s3:::"
-#            - "Ref" : "ServerlessDeploymentBucket"
-#            - "/*"
+#  iam:
+#    role:
+#      statements:
+#        - Effect: "Allow"
+#          Action:
+#            - "s3:ListBucket"
+#          Resource: { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ] ]  }
+#        - Effect: "Allow"
+#          Action:
+#            - "s3:PutObject"
+#          Resource:
+#            Fn::Join:
+#              - ""
+#              - - "arn:aws:s3:::"
+#                - "Ref" : "ServerlessDeploymentBucket"
+#                - "/*"
 
 # you can define service wide environment variables here
 #  environment:

diff --git a/aws-golang-http-get-post/serverless.yml b/aws-golang-http-get-post/serverless.yml
@@ -16,7 +16,7 @@ service: goservice # NOTE: update this with your service name
 # You can pin your service to only deploy with a specific Serverless version
 # Check out our docs for more details
 # frameworkVersion: "=X.X.X"
-frameworkVersion: ">=1.28.0 <2.0.0"
+frameworkVersion: ">=2.24.0"
 
 provider:
   name: aws
@@ -26,21 +26,24 @@ provider:
 #  stage: dev
 #  region: us-east-1
 
+
 # you can add statements to the Lambda function's IAM Role here
-#  iamRoleStatements:
-#    - Effect: "Allow"
-#      Action:
-#        - "s3:ListBucket"
-#      Resource: { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ] ]  }
-#    - Effect: "Allow"
-#      Action:
-#        - "s3:PutObject"
-#      Resource:
-#        Fn::Join:
-#          - ""
-#          - - "arn:aws:s3:::"
-#            - "Ref" : "ServerlessDeploymentBucket"
-#            - "/*"
+#  iam:
+#    role:
+#      statements:
+#        - Effect: "Allow"
+#          Action:
+#            - "s3:ListBucket"
+#          Resource: { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ] ]  }
+#        - Effect: "Allow"
+#          Action:
+#            - "s3:PutObject"
+#          Resource:
+#            Fn::Join:
+#              - ""
+#              - - "arn:aws:s3:::"
+#                - "Ref" : "ServerlessDeploymentBucket"
+#                - "/*"
 
 # you can define service wide environment variables here
 #  environment:

diff --git a/aws-golang-rest-api-with-dynamodb/serverless.yml b/aws-golang-rest-api-with-dynamodb/serverless.yml
@@ -1,23 +1,25 @@
 app: aws-golang-rest-api-with-dynamodb
 service: aws-golang-rest-api-with-dynamodb
 
-frameworkVersion: ">=1.1.0 <=2.1.1"
+frameworkVersion: ">=2.24.0"
 
 provider:
   name: aws
   runtime: go1.x
   environment:
     DYNAMODB_TABLE: ${self:service}-${opt:stage, self:provider.stage}
-  iamRoleStatements:
-    - Effect: Allow
-      Action:
-        - dynamodb:Query
-        - dynamodb:Scan
-        - dynamodb:GetItem
-        - dynamodb:PutItem
-        - dynamodb:UpdateItem
-        - dynamodb:DeleteItem
-      Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.DYNAMODB_TABLE}"
+  iam:
+    role:
+      statements:
+        - Effect: Allow
+          Action:
+            - dynamodb:Query
+            - dynamodb:Scan
+            - dynamodb:GetItem
+            - dynamodb:PutItem
+            - dynamodb:UpdateItem
+            - dynamodb:DeleteItem
+          Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.DYNAMODB_TABLE}"
 
 functions:
   create:

diff --git a/aws-golang-s3-file-replicator/serverless.yml b/aws-golang-s3-file-replicator/serverless.yml
@@ -1,5 +1,5 @@
 service: aws-golang-s3-file-replicator
-frameworkVersion: ">=1.28.0 <2.0.0"
+frameworkVersion: ">=2.24.0"
 
 custom:
   inputBucket: replicator-input-101
@@ -12,15 +12,17 @@ provider:
   region: ap-northeast-1
   memorySize: 128
   timeout: 30
-  iamRoleStatements:
-    - Effect: Allow
-      Action:
-        - s3:*
-      Resource: "arn:aws:s3:::${self:custom.outputBucket}/*"
-    - Effect: Allow
-      Action:
-        - s3:*
-      Resource: "arn:aws:s3:::${self:custom.inputBucket}/*"
+  iam:
+    role:
+      statements:
+        - Effect: Allow
+          Action:
+            - s3:*
+          Resource: "arn:aws:s3:::${self:custom.outputBucket}/*"
+        - Effect: Allow
+          Action:
+            - s3:*
+          Resource: "arn:aws:s3:::${self:custom.inputBucket}/*"
 
 package:
   exclude:

diff --git a/aws-node-dynamodb-backup/serverless.yml b/aws-node-dynamodb-backup/serverless.yml
@@ -9,18 +9,20 @@ provider:
   name: aws
   runtime: nodejs12.x
   stage: staging
-  iamRoleStatements:
-    - Effect: Allow
-      Action:
-        - s3:PutObject
-      Resource: "arn:aws:s3:::${self:custom.bucket}/${self:custom.prefix}/${self:custom.dynamoDBTableName}/*"
-    - Effect: Allow
-      Action:
-        - "dynamodb:GetRecords"
-        - "dynamodb:GetShardIterator"
-        - "dynamodb:DescribeStream"
-        - "dynamodb:ListStreams"
-      Resource: "arn:aws:dynamodb:ap-southeast-1:*:table/${self:custom.dynamoDBTableName}/stream/*"
+  iam:
+    role:
+      statements:
+        - Effect: Allow
+          Action:
+            - s3:PutObject
+          Resource: "arn:aws:s3:::${self:custom.bucket}/${self:custom.prefix}/${self:custom.dynamoDBTableName}/*"
+        - Effect: Allow
+          Action:
+            - "dynamodb:GetRecords"
+            - "dynamodb:GetShardIterator"
+            - "dynamodb:DescribeStream"
+            - "dynamodb:ListStreams"
+          Resource: "arn:aws:dynamodb:ap-southeast-1:*:table/${self:custom.dynamoDBTableName}/stream/*"
 
 functions:
   backup:

diff --git a/aws-node-fetch-file-and-store-in-s3/serverless.yml b/aws-node-fetch-file-and-store-in-s3/serverless.yml
@@ -1,6 +1,6 @@
 service: fetch-file-and-store-in-s3
 
-frameworkVersion: ">=1.1.0"
+frameworkVersion: ">=2.24.0"
 
 custom:
   bucket: <your-bucket-name>
@@ -10,12 +10,14 @@ provider:
   runtime: nodejs12.x
   stage: dev
   region: us-west-1
-  iamRoleStatements:
-    - Effect: Allow
-      Action:
-        - s3:PutObject
-        - s3:PutObjectAcl
-      Resource: "arn:aws:s3:::${self:custom.bucket}/*"
+  iam:
+    role:
+      statements:
+        - Effect: Allow
+          Action:
+            - s3:PutObject
+            - s3:PutObjectAcl
+          Resource: "arn:aws:s3:::${self:custom.bucket}/*"
 
 functions:
   save:

diff --git a/aws-node-graphql-and-rds/serverless.yml b/aws-node-graphql-and-rds/serverless.yml
@@ -6,7 +6,8 @@ provider:
   stage: dev
   memorySize: 256
   runtime: nodejs12.x
-  role: LambdaRole
+  iam:
+    role: LambdaRole
   environment:
     #aurora
     AURORA_HOST: ${self:custom.AURORA.HOST}

diff --git a/aws-node-graphql-api-with-dynamodb/serverless.yml b/aws-node-graphql-api-with-dynamodb/serverless.yml
@@ -5,12 +5,14 @@ provider:
   runtime: nodejs10.x
   environment:
     DYNAMODB_TABLE: ${self:service}-${self:provider.stage}
-  iamRoleStatements:
-    - Effect: Allow
-      Action:
-        - dynamodb:GetItem
-        - dynamodb:UpdateItem
-      Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.DYNAMODB_TABLE}"
+  iam:
+    role:
+      statements:
+        - Effect: Allow
+          Action:
+            - dynamodb:GetItem
+            - dynamodb:UpdateItem
+          Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.DYNAMODB_TABLE}"
 
 functions:
   query:

diff --git a/aws-node-recursive-function/serverless.yml b/aws-node-recursive-function/serverless.yml
@@ -7,12 +7,14 @@ custom:
 provider:
   name: aws
   runtime: nodejs12.x
-#  iamRoleStatements:
-#    -  Effect: "Allow"
-#       Action:
-#         - "lambda:InvokeFunction"
-#       Resource: ${self:custom.functionARN}
+#  iam:
+#    role:
+#      statements:
+#        -  Effect: "Allow"
+#           Action:
+#             - "lambda:InvokeFunction"
+#           Resource: ${self:custom.functionARN}
 
 functions:
   recursiveExample:
-    handler: handler.recursiveLambda
+    handler: handler.recursiveLambda
diff --git a/aws-node-rekognition-analysis-s3-image/serverless.yml b/aws-node-rekognition-analysis-s3-image/serverless.yml
@@ -9,16 +9,17 @@ provider:
   timeout: 10
   stage: dev
   region: us-east-1
-
-  iamRoleStatements:
-    - Effect: Allow
-      Action:
-        - s3:*
-      Resource: "*"
-    - Effect: "Allow"
-      Action:
-        - "rekognition:*"
-      Resource: "*"   
+  iam:
+    role:
+      statements:
+        - Effect: Allow
+          Action:
+            - s3:*
+          Resource: "*"
+        - Effect: "Allow"
+          Action:
+            - "rekognition:*"
+          Resource: "*"   
 
 functions:
   imageAnalysis: