You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have searched existing issues, it hasn't been reported yet
Issue description
I'm running into a problem while trying to deploy my current project where the "EnterpriseLogAccessIamRole" policy is exceeding the maximum limit of 10240 bytes. Given the size of the project, there are simply too many functions to fit within a single policy.
I tried to use this plugin: https://github.com/AntonBazhal/serverless-plugin-custom-roles but it doesn't appear to deal with my particular issue.
I reached out to serverless support and was told that there is indeed no way of altering the output of the EnterpriseLogAccessIamRole policy and that this was a current limitation of serverless. I have been made aware of a workaround (splitting the service into multiple smaller parts), but was urged to log this as an issue in hopes of a less drastic solution being considered.
.filter(([,{ Type }])=>Type==='AWS::Logs::LogGroup')
.map(([logicalId])=>({
'Fn::GetAtt': [logicalId,'Arn'],
A quick fix that comes to my mind is to allow to override this policy, and then user may come up with some general catch-all rule that will cover all log groups in a given service
Are you certain it's a bug?
Is the issue caused by a plugin?
Are you using the latest version?
Is there an existing issue for this?
Issue description
I'm running into a problem while trying to deploy my current project where the "EnterpriseLogAccessIamRole" policy is exceeding the maximum limit of 10240 bytes. Given the size of the project, there are simply too many functions to fit within a single policy.
I tried to use this plugin: https://github.com/AntonBazhal/serverless-plugin-custom-roles but it doesn't appear to deal with my particular issue.
I reached out to serverless support and was told that there is indeed no way of altering the output of the EnterpriseLogAccessIamRole policy and that this was a current limitation of serverless. I have been made aware of a workaround (splitting the service into multiple smaller parts), but was urged to log this as an issue in hopes of a less drastic solution being considered.
Service configuration (serverless.yml) content
N/A
Command name and used flags
N/A
Command output
Environment information
The text was updated successfully, but these errors were encountered: