Overrides iamManagedPolicies even with iamRoleStatementsInherit flag #86

@arvurb

I'm trying to enable Lambda Insights. Insights needs CloudWatchLambdaInsightsExecutionRolePolicy, but it gets overridden even with the iamRoleStatementsInherit flag. defaultInherit does not work either.

....
  provider: {
    name: 'aws',
    runtime: 'nodejs12.x',
    region: 'eu-west-2',
    iamManagedPolicies: ["arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy"],
  },
  functions: {
    getSessions: {
      handler: 'build/getSessions.handler',
      timeout: 15,
      package: {
        include: ['build/getSessions*'],
      },
      events: [
        {
          httpApi: {
            method: 'get',
            path: '/sessions',
            authorizer: {
              name: 'customAuthorizer'
            },
          },
        },
      ],
      iamRoleStatementsInherit: true,
      iamRoleStatements: [
        {
          Effect: 'Allow',
          Action: ['ssm:GetParameters*'],
          Resource: {
            "Fn::Sub":'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${self:custom.stage}/*'
          }
        },
        {
          Effect: 'Allow',
          Action: ['kms:Decrypt'],
          Resource: {
            "Fn::Sub":'arn:aws:kms:${AWS::Region}:${AWS::AccountId}:key/CMK'
          }
        },
      ],

      layers: [
        `arn:aws:lambda:eu-west-2:580247275435:layer:LambdaInsightsExtension:14`
      ]
    },
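
A check for the condition reported above, added here as an example (not code from the reporter or from the plugin): it walks a compiled CloudFormation template and lists the Lambda functions whose role does not carry a required managed policy. The template, its logical IDs and the account number are constructed; the only shapes assumed are `AWS::IAM::Role` with `ManagedPolicyArns` and a function `Role` given as `Fn::GetAtt`.

```javascript
// Added example; the template below is constructed and its logical IDs are hypothetical.
const REQUIRED = 'arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy';

const lambdaFn = (role) => ({ Type: 'AWS::Lambda::Function', Properties: { Role: role } });
const sampleTemplate = {
  Resources: {
    // Per-function role without ManagedPolicyArns: the condition the issue reports.
    GetSessionsRole: { Type: 'AWS::IAM::Role', Properties: { Policies: [] } },
    SharedRole: { Type: 'AWS::IAM::Role', Properties: { ManagedPolicyArns: [REQUIRED] } },
    GetSessionsFn: lambdaFn({ 'Fn::GetAtt': ['GetSessionsRole', 'Arn'] }),
    OtherFn: lambdaFn({ 'Fn::GetAtt': ['SharedRole', 'Arn'] }),
    // Role defined outside the template: it cannot be checked from here.
    ExternalFn: lambdaFn('arn:aws:iam::111111111111:role/external'),
  },
};

// Returns one finding per Lambda function whose role lacks requiredArn
// ('missing') or whose role is not defined in this template ('unresolved').
function findFunctionsMissingPolicy(template, requiredArn) {
  const resources = template.Resources || {};
  const findings = [];
  for (const [fnId, res] of Object.entries(resources)) {
    if (res.Type !== 'AWS::Lambda::Function') continue;
    const roleRef = (res.Properties || {}).Role;
    const getAtt = roleRef && roleRef['Fn::GetAtt'];
    // Fn::GetAtt is written either as ['Id', 'Arn'] or as 'Id.Arn'.
    const roleId = Array.isArray(getAtt) ? getAtt[0]
      : typeof getAtt === 'string' ? getAtt.split('.')[0] : null;
    const role = roleId ? resources[roleId] : undefined;
    if (!role || role.Type !== 'AWS::IAM::Role') {
      findings.push({ function: fnId, role: roleId, status: 'unresolved' });
      continue;
    }
    const arns = (role.Properties || {}).ManagedPolicyArns || [];
    if (!arns.includes(requiredArn)) {
      findings.push({ function: fnId, role: roleId, status: 'missing' });
    }
  }
  return findings;
}

console.log(findFunctionsMissingPolicy(sampleTemplate, REQUIRED));
```

To run it against a real build, pass the JSON template that `serverless package` writes under `.serverless/` in place of `sampleTemplate`.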
