https://github.com/aligent/serverless-access-roles-generator
- Host: GitHub
- URL: https://github.com/aligent/serverless-access-roles-generator
- Owner: aligent
- License: gpl-3.0
- Created: 2023-11-16T22:21:56.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-02-19T10:08:16.000Z (about 2 years ago)
- Last Synced: 2025-02-16T13:24:05.050Z (about 1 year ago)
- Topics: serverless
- Language: TypeScript
- Size: 388 KB
- Stars: 0
- Watchers: 7
- Forks: 0
- Open Issues: 5
Metadata Files:
- Readme: README.md
# Serverless Access Roles Generator
A [Serverless framework](https://www.serverless.com) plugin that:
- Generates access roles for exported services (generated by the [serverless-export-resources](https://github.com/aligent/serverless-export-resources) plugin).
- Collects and exports the result to a specific file.
## Serverless configuration
The plugin is configured in `serverless.yaml` by providing configuration values, as in the example below:
```yaml
custom:
  accessRolesGenerator:
    principalAccountId: principal_aws_account_id
    principalRoleName: principal_role_name
    externalId: ${self:service}-${self:provider.stage}
```
### Variables
| Variable           | Usage                                                                                                                                                       |
| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
| principalAccountId | Principal account ID that is used to generate the access role.                                                                                              |
| principalRoleName  | Principal role name that is used to generate the access role.                                                                                               |
| externalId         | A string to identify the app. Can be a random string.                                                                                                       |
| exportPrefix       | A string to filter the exported services. Defaults to `aser`. If provided, make sure it matches the configuration in the `serverless-export-resources` plugin. |
| outDir             | Destination folder for exporting the services' ARN, description, and role. Defaults to `dist/data`.                                                         |
| outFilename        | Name of the file that services will be exported to. Defaults to `service-outputs.json`.                                                                     |
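How `principalAccountId`, `principalRoleName` and `externalId` map onto a standard cross-account IAM trust policy, following the AWS documents referenced on this page. This is an added example, not the plugin's own code or its confirmed output; `TrustInputs`, `buildTrustPolicy`, the sample values, the `aws` partition and a role without a path are assumptions.

```typescript
// Added illustration: TrustInputs and buildTrustPolicy are hypothetical names,
// not part of the plugin's API.
interface TrustInputs {
  principalAccountId: string;
  principalRoleName: string;
  externalId: string;
}

// Format constraints documented by AWS for account ids, role names and ExternalId.
const ACCOUNT_ID = /^\d{12}$/;
const ROLE_NAME = /^[\w+=,.@-]{1,64}$/;
const EXTERNAL_ID = /^[\w+=,.@:\/-]{2,1224}$/;

function buildTrustPolicy(cfg: TrustInputs) {
  if (!ACCOUNT_ID.test(cfg.principalAccountId)) {
    throw new Error("principalAccountId must be a 12-digit AWS account id");
  }
  if (!ROLE_NAME.test(cfg.principalRoleName)) {
    throw new Error("principalRoleName contains characters IAM does not allow");
  }
  if (!EXTERNAL_ID.test(cfg.externalId)) {
    throw new Error("externalId must be 2-1224 chars from [A-Za-z0-9_+=,.@:/-]");
  }
  return {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: "sts:AssumeRole",
        // Trust one named role in the principal account, not the account root.
        Principal: {
          AWS: `arn:aws:iam::${cfg.principalAccountId}:role/${cfg.principalRoleName}`,
        },
        // The caller must pass the same ExternalId when calling sts:AssumeRole.
        Condition: { StringEquals: { "sts:ExternalId": cfg.externalId } },
      },
    ],
  };
}

// Constructed sample values; the externalId mimics a resolved service-stage string.
const policy = buildTrustPolicy({
  principalAccountId: "123456789012",
  principalRoleName: "integration-caller",
  externalId: "orders-service-prod",
});
console.log(JSON.stringify(policy, null, 2));
```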
## References:
- For more information about the principal account and role name, see this [AWS document](https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/).
- For more information about `externalId`, see this [AWS document](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html).