I want to assign different permissions for different functions listed in my serverless.yml

functions:
  hello:
    handler: handler.hello
  crawl-distributor:
    handler: CrawlDistributor.handler
  product-scanner:
    handler: ProductScanner.handler
    iamRoleStatements:
      - Effect: Allow
        Action:
          - dynamodb:*
          - lambda:*
        Resource: "*"

This doesn't seem to work. When I add the iamRoleStatements at the provider level, it works, but ends up applying the permissions to all the functions.

provider:
  name: aws
  runtime: nodejs4.3
  stage: api
  region: us-east-1
  profile: dev
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:*
        - lambda:*
      Resource: "*"

1 Answer

The function role has to be created under resources and also you have to reference this new role inside your function. Check out this documentation.

Example:

service: my-test

provider:
  name: aws
  runtime: nodejs4.3
  stage: api
  region: us-east-1
  profile: dev

functions:
  hello:
    handler: handler.hello
  crawl-distributor:
    handler: CrawlDistributor.handler
  product-scanner:
    role: myDynamoRole
    handler: ProductScanner.handler

resources:
  Resources:
    myDynamoRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: myDynamoRole
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: myPolicyName
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - dynamodb:*
                    - lambda:*
                  Resource: "*"
