Skip to content

Commit

Permalink
add iam:CreateServiceLinkedRole to allow API GW custom domain creation
Browse files Browse the repository at this point in the history
  • Loading branch information
Chris Park committed Jun 27, 2024
1 parent 707d0ec commit ed72493
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion packages/serverless-deploy-iam/bin/app.ts
Original file line number Diff line number Diff line change
Expand Up @@ -481,7 +481,17 @@ export class ServiceDeployIAM extends cdk.Stack {
{
name: "IAM",
resources: [(serviceRole.type as Role).roleArn],
actions: ["iam:PassRole"],
actions: [
"iam:PassRole",
],
},
{
name: "IAM",
prefix: `arn:aws:iam::${accountId}:role`,
qualifiers: ["*"],
actions: [
"iam:CreateServiceLinkedRole"
],
},
{
name: "S3",
Expand Down

0 comments on commit ed72493

Please sign in to comment.