generated IAM policy lacking permissions for sesv2:sendEmail #610

Open
halx4 opened this issue Apr 18, 2024 · 0 comments
halx4 commented Apr 18, 2024

This is a Bug Report

Description

For bug reports:

  • What went wrong?

Generated IAM role does not include all the necessary permissions.

  • What did you expect should have happened?
    Given that one of the steps is a call to the SES v2 api, I would expect the generated steps execution role to have the permission to invoke this AWS endpoint.

  • What was the config you used?
    here is a snippet of my serverless.yml file:

stepFunctions:
  stateMachines:
    SendEmails:
      name: SendEmails
      definition:
        StartAt: calculateWaitIntervals
        States:
          calculateWaitIntervals:
            Type: Task
            Resource:
              Fn::GetAtt: [calculateWaitIntervals, Arn]            
            Next: Wait
          Wait:
            Type: Wait
            Next: SendEmail
            Seconds: 60
          SendEmail:
            Type: Task
            End: true
            Parameters:
              Content:
                Simple:
                  Body:
                    Text:
                      Charset: UTF-8
                      Data: body
                  Subject:
                    Charset: UTF-8
                    Data: " the subject"
              Destination:
                ToAddresses:
                - my@mail.address
              FromEmailAddress: my@mail.address
            Resource: arn:aws:states:::aws-sdk:sesv2:sendEmail

  validate: true
  • What stacktrace or error message from your provider did you see?
    when deploying the template, this was printed in the console:
$ sls deploy --stage tst
Running "serverless" from node_modules

Deploying mydata to stage tst (eu-west-1)
Cannot generate IAM policy statement for Task state { Type: 'Task',
  End: true,
  Parameters:
   { Content: { Simple: { Body: { Text: [Object] }, Subject: { Charset: 'UTF-8', Data: ' the subject' } } },
     Destination: { ToAddresses: [ 'my@mail.address' ] },
     FromEmailAddress: 'my@mail.address' },
  Resource: 'arn:aws:states:::aws-sdk:sesv2:sendEmail' }
✓ State machine "SendEmails" definition is valid

✔ Service deployed to stack mydata-tst (98s)

Similar or dependent issues:

Additional Data

  • Serverless Framework Core Version you're using: 3.26.0
  • The Plugin Version you're using: 3.21.0
  • Operating System: win11
  • Stack Trace:
  • Provider Error messages:
halx4 changed the title from "policy lacking permissions for sesv2:sendEmail" to "generated IAM policy lacking permissions for sesv2:sendEmail" on Apr 18, 2024
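
A pre-deploy check for the gap described in this report, added here as an example and not code from the plugin or the reporter: it lists the IAM action each `aws-sdk` Task state needs and compares that with the actions a role grants. The `IAM_PREFIX` table, the function names and the sample role contents are assumptions; SES API v2 actions are authorized under the `ses` IAM prefix.

```javascript
// Added example, not code from serverless-step-functions.
// SDK service name -> IAM prefix where they differ (partial table, extend as needed).
const IAM_PREFIX = { sesv2: 'ses' };
// Matches arn:aws:states:::aws-sdk:<service>:<apiAction>[.waitForTaskToken]
const SDK_ARN = /^arn:aws[\w-]*:states:::aws-sdk:([a-z0-9]+):([A-Za-z0-9]+)(?:\.\w+)?$/;

// List the IAM action each AWS SDK integration Task state needs.
function requiredActions(definition) {
  const found = [];
  const visit = (states) => {
    for (const [name, state] of Object.entries(states || {})) {
      const m = typeof state.Resource === 'string' && SDK_ARN.exec(state.Resource);
      if (state.Type === 'Task' && m) {
        const [, service, api] = m;
        // Heuristic: the IAM action is the API action with its first letter upper-cased.
        const action = `${IAM_PREFIX[service] || service}:${api[0].toUpperCase()}${api.slice(1)}`;
        found.push({ state: name, action });
      }
      // Parallel branches and Map iterators contain nested state machines.
      (state.Branches || []).forEach((b) => visit(b.States));
      for (const key of ['Iterator', 'ItemProcessor']) if (state[key]) visit(state[key].States);
    }
  };
  visit(definition.States);
  return found;
}

// Compare against the Action list of the deployed role (exact names, "svc:*" or "*").
function missingActions(definition, grantedActions) {
  const granted = new Set(grantedActions.map((a) => a.toLowerCase()));
  return requiredActions(definition).filter(({ action }) => {
    const a = action.toLowerCase();
    return !(granted.has(a) || granted.has(`${a.split(':')[0]}:*`) || granted.has('*'));
  });
}

// Constructed input: the definition from the report, reduced to the relevant fields.
const definition = {
  StartAt: 'calculateWaitIntervals',
  States: {
    calculateWaitIntervals: { Type: 'Task', Resource: { 'Fn::GetAtt': ['calculateWaitIntervals', 'Arn'] }, Next: 'Wait' },
    Wait: { Type: 'Wait', Seconds: 60, Next: 'SendEmail' },
    SendEmail: { Type: 'Task', End: true, Resource: 'arn:aws:states:::aws-sdk:sesv2:sendEmail' },
  },
};

// Constructed role contents: only the Lambda permission is present.
console.log(missingActions(definition, ['lambda:InvokeFunction']));
```

Run in CI, a non-empty result can fail the build, since the deploy log above shows the warning followed by a successful deployment.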