An error occurred: IamRoleLambdaExecution - Maximum policy size of 10240 bytes exceeded for role

Problem description

Using serverless-plugin-split-stacks in serverless.yml and getting this error

An error occurred: IamRoleLambdaExecution - Maximum policy size of 10240 bytes exceeded for role Vkonnect-dev-ap-south-1-lambdaRole (Service: AmazonIdentityManagement; Status Code: 409; Error Code: LimitExceeded; Request ID: 51920d55-4b81-4b6c-99f1-d9f0ba087cc2; Proxy: null).

When I use serverless-plugin-custom-roles I get this error

The CloudFormation template is invalid: Circular dependency between resources: [GenerateOtpDocLambdaPermissionApiGateway, DoctorUnderscorelistLambdaPermissionApiGateway ......]

serverless.yml

service: Vkonnect #Name of your App

provider:
  name: aws
  runtime: nodejs14.x # Node JS version
  memorySize: 128
  timeout: 10
  stage: dev
  region: ap-south-1 # AWS region
  deploymentBucket:
    name: vkonnectlayers
  # iamRoleStatements:
  #   - Effect: "Allow"
  #     Action:
  #       - "s3:*"
  #     Resource:
  # NOTE you can't refer to the LogicalID of S3Bucket, otherwise
  # there will be a circular reference in CloudFormation
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "cloudformation:*"
        - "codecommit:*"
        - "apigateway:*"
        - "execute-api:Invoke"
        - "execute-api:ManageConnections"
        - "cloudformation:DescribeStacks"
        - "cloudformation:ListStackResources"
        - "cloudwatch:ListMetrics"
        - "cloudwatch:GetMetricData"
        - "ec2:DescribeSecurityGroups"
        - "ec2:DescribeSubnets"
        - "ec2:DescribeVpcs"
        - "kms:ListAliases"
        - "iam:GetPolicy"
        - "iam:GetPolicyVersion"
        - "iam:GetRole"
        - "iam:GetRolePolicy"
        - "iam:ListAttachedRolePolicies"
        - "iam:ListRolePolicies"
        - "iam:ListRoles"
        - "lambda:*"
        - "logs:DescribeLogGroups"
        - "states:DescribeStateMachine"
        - "states:ListStateMachines"
        - "tag:GetResources"
        - "xray:GetTraceSummaries"
        - "xray:BatchGetTraces"
      Resource:
        - "*"
        - "arn:aws:apigateway:*::/*"
        - "arn:aws:events:*:*:rule/codecommit*"
        - "arn:aws:logs:*:*:log-group:/aws/lambda/*"

plugins:
  - serverless-offline
  - serverless-layers
  - serverless-plugin-split-stacks
  - serverless-plugin-custom-roles
  # - serverless-nested-stack
package:
  individually: true
  exclude:
    - ./**

custom:
  splitStacks:
    perFunction: false
    perType: false
    perGroupFunction: true
    nestedStackCount: 5
  serverless-layers: # All Layers
    - moment:
        name: moment
        excludeDevDependencies: false
        individually: true
        dependenciesPath: ./layers/moment-layer/package.json
        package:
          patterns:
            - /**
            - "!node_modules/**"

Tags: aws-lambda, amazon-iam, serverless-framework, serverless

Solution

For the policy size limit error:

AWS has a limit on policy size. See this article for reference: https://aws.amazon.com/premiumsupport/knowledge-center/iam-increase-policy-size/

For the circular dependency error:

See this AWS blog: https://aws.amazon.com/blogs/infrastructure-and-automation/handling-circular-dependency-errors-in-aws-cloudformation/
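
An added example, not part of the original answer or of the Serverless Framework: it measures a role policy against the 10240-byte limit from the error and drops Action and Resource entries that a wildcard in the same statement already covers, using the statement from the question's serverless.yml as constructed input. The helper names (`policy_size`, `covers`, `drop_subsumed`, `compact_policy`) are hypothetical.

```python
import json
import re

ROLE_INLINE_POLICY_LIMIT = 10240  # bytes, the limit named in the error on this page

# Constructed input: the Action and Resource lists from the question's iamRoleStatements.
ACTIONS = """cloudformation:* codecommit:* apigateway:* execute-api:Invoke
execute-api:ManageConnections cloudformation:DescribeStacks
cloudformation:ListStackResources cloudwatch:ListMetrics cloudwatch:GetMetricData
ec2:DescribeSecurityGroups ec2:DescribeSubnets ec2:DescribeVpcs kms:ListAliases
iam:GetPolicy iam:GetPolicyVersion iam:GetRole iam:GetRolePolicy
iam:ListAttachedRolePolicies iam:ListRolePolicies iam:ListRoles lambda:*
logs:DescribeLogGroups states:DescribeStateMachine states:ListStateMachines
tag:GetResources xray:GetTraceSummaries xray:BatchGetTraces""".split()
RESOURCES = ["*", "arn:aws:apigateway:*::/*", "arn:aws:events:*:*:rule/codecommit*",
             "arn:aws:logs:*:*:log-group:/aws/lambda/*"]
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ACTIONS, "Resource": RESOURCES}]}

def policy_size(doc):
    """Bytes in the policy JSON with whitespace removed (IAM does not count it)."""
    return len("".join(json.dumps(doc).split()).encode("utf-8"))

def covers(pattern, item):
    """True if IAM wildcard `pattern` matches everything `item` can match."""
    # '?' must not absorb a '*' in item, which could expand to several characters.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", "[^*]")
    return re.fullmatch(rx, item) is not None

def drop_subsumed(items, ignore_case=False):
    """Keep only entries that no other entry in the list already covers."""
    kept = []  # (comparison key, original spelling)
    for item in items:
        key = item.lower() if ignore_case else item
        if any(covers(k, key) for k, _ in kept):
            continue
        kept = [(k, v) for k, v in kept if not covers(key, k)] + [(key, item)]
    return [v for _, v in kept]

def compact_policy(doc):
    """Return an equivalent policy without wildcard-subsumed entries."""
    stmts = [dict(s, Action=drop_subsumed(s["Action"], ignore_case=True),
                  Resource=drop_subsumed(s["Resource"])) for s in doc["Statement"]]
    return dict(doc, Statement=stmts)

if __name__ == "__main__":
    small = compact_policy(POLICY)
    print(policy_size(POLICY), "->", policy_size(small), "of", ROLE_INLINE_POLICY_LIMIT)
    print(json.dumps(small, indent=2))
```

The compacted statement allows exactly what the original does; because `Resource` contains `"*"`, the three ARN entries never narrowed anything.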

