generated IAM policy lacking permissions for sesv2:sendEmail #610
Description
This is a Bug Report
Description
For bug reports:
- What went wrong?
Generated IAM role does not include all the necessary permissions.
-
What did you expect should have happened?
Given that one of the steps is a call to the SES v2 api, I would expect the generated steps execution role to have the permission to invoke this AWS endpoint. -
What was the config you used?
here is a snippet of my serverless.yml file:
stepFunctions:
stateMachines:
SendEmails:
name: SendEmails
definition:
StartAt: calculateWaitIntervals
States:
calculateWaitIntervals:
Type: Task
Resource:
Fn::GetAtt: [calculateWaitIntervals, Arn]
Next: Wait
Wait:
Type: Wait
Next: SendEmail
Seconds: 60
SendEmail:
Type: Task
End: true
Parameters:
Content:
Simple:
Body:
Text:
Charset: UTF-8
Data: body
Subject:
Charset: UTF-8
Data: " the subject"
Destination:
ToAddresses:
- [email protected]
FromEmailAddress: [email protected]
Resource: arn:aws:states:::aws-sdk:sesv2:sendEmail
validate: true
- What stacktrace or error message from your provider did you see?
when deploying the template, this was printed inthe console:
$ sls deploy --stage tst
Running "serverless" from node_modules
Deploying mydata to stage tst (eu-west-1)
Cannot generate IAM policy statement for Task state { Type: 'Task',
End: true,
Parameters:
{ Content: { Simple: { Body: { Text: [Object] }, Subject: { Charset: 'UTF-8', Data: ' the subject' } } },
Destination: { ToAddresses: [ '[email protected]' ] },
FromEmailAddress: '[email protected]' },
Resource: 'arn:aws:states:::aws-sdk:sesv2:sendEmail' }
✓ State machine "SendEmails" definition is valid
✔ Service deployed to stack mydata-tst (98s)
Similar or dependent issues:
- Generate policy statements for "Call third-party API" states #599
- Cannot generate IAM Policy for dynamodb:scan #584
Additional Data
- Serverless Framework Core Version you're using: 3.26.0
- The Plugin Version you're using: 3.21.0
- Operating System: win11
- Stack Trace:
- Provider Error messages: