diff --git a/README.md b/README.md
index d0bf4708..79997716 100644
--- a/README.md
+++ b/README.md
@@ -55,16 +55,16 @@ jobs:
 with:
 function-name: my-function-name
 code-artifacts-dir: my-code-artifacts-dir
- # handler: my-handler
- # runtime: my-runtime
+ handler: index.handler
+ runtime: nodejs22.x
 # Add any additional inputs this action supports
 ```
-The required parameters to deploy are `function-name` and `code-artifacts-dir`. If a function with the name specified by `function-name` does not exist, it will be created with the provided code within `code-artifacts-dir` and configuration parameters using the [CreateFunction](https://docs.aws.amazon.com/lambda/latest/api/API_CreateFunction.html) API.
-
-Handler and runtime default to index.handler and nodejs20.x but can be customized. For the full list of inputs this GitHub Action supports, see [Inputs](#inputs).
+The required parameters to deploy are `function-name`, `code-artifacts-dir`, `handler`, and `runtime`. If the function does not exist yet, the `role` parameter is also required to specify the function's IAM execution role.
+If a function with the name specified by `function-name` does not exist, it will be created with the provided code within `code-artifacts-dir` and configuration parameters using the [CreateFunction](https://docs.aws.amazon.com/lambda/latest/api/API_CreateFunction.html) API.
+For the full list of inputs this GitHub Action supports, see [Inputs](#inputs).
 ### Update Function Configuration
 Function configuration will be updated using the [UpdateFunctionConfiguration](https://docs.aws.amazon.com/lambda/latest/api/API_UpdateFunctionConfiguration.html) API if configuration values differ from the deployed Lambda function's configuration.
@@ -229,13 +229,23 @@ This action requires the following minimum set of permissions:
 "Sid": "LambdaDeployPermissions",
 "Effect": "Allow",
 "Action": [
- "lambda:GetFunction",
+ "lambda:GetFunctionConfiguration",
 "lambda:CreateFunction",
 "lambda:UpdateFunctionCode",
 "lambda:UpdateFunctionConfiguration",
 "lambda:PublishVersion"
 ],
 "Resource": "arn:aws:lambda:::function:"
+ },
+ {
+ "Sid":"PassRolesDefinition",
+ "Effect":"Allow",
+ "Action":[
+ "iam:PassRole"
+ ],
+ "Resource":[
+ "arn:aws:iam:::role/"
+ ]
 }
 ]
 }
diff --git a/deploy-lambda-example.yml b/deploy-lambda-example.yml
index b87ca29f..9058a6f4 100644
--- a/deploy-lambda-example.yml
+++ b/deploy-lambda-example.yml
@@ -13,7 +13,7 @@
 # - Create a new role with Web Identity as the trusted entity
 # - Select the OIDC provider you created above
 # - For "Audience", enter "sts.amazonaws.com"
-# - Add a condition to limit the role to your repository:
+# - Add a condition to limit the role to your repository:
 # token.actions.githubusercontent.com:sub: repo:your-org/your-repo:*
 # - Attach policies for Lambda and S3 permissions (Can be found on the README.md)
 #
@@ -23,7 +23,7 @@
 # - LAMBDA_FUNCTION_NAME
 # - LAMBDA_CODE_ARTIFACTS_DIR
 # - LAMBDA_HANDLER
-# - LAMBDA_RUNTIME
+# - LAMBDA_RUNTIME
 #
 # 4. Add any additional parameters under the environment variable section and Deploy Lambda Function step.
 #
@@ -47,6 +47,7 @@ env:
 LAMBDA_CODE_ARTIFACTS_DIR: MY_CODE_ARTIFACTS_DIR # set this to the directory containing your Lambda code
 LAMBDA_HANDLER: MY_LAMBDA_HANDLER # set this to your Lambda handler
 LAMBDA_RUNTIME: MY_LAMBDA_RUNTIME # set this to your Lambda runtime
+ LAMBDA_EXECUTION_ROLE: MY_LAMBDA_EXECUTION_ROLE # set this to your function's IAM execution role
 # Include additional parameters as needed (Format at LAMBDA_PARAMETER)
 permissions:
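Review bot: The new `LAMBDA_EXECUTION_ROLE` entry is missing from the configuration-variable list in this file's header comment, which (per the `@@ -23,7 +23,7 @@` hunk) still ends at `# - LAMBDA_RUNTIME`; add `# - LAMBDA_EXECUTION_ROLE` there. The inline comment also does not say what form the value takes. Lambda's CreateFunction takes the execution role as an ARN, so if the action forwards the value unchanged (not visible here) the comment could read `# set this to the ARN of your function's IAM execution role`. The `env:` block begins above this hunk.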
@@ -74,7 +75,8 @@ jobs:
 uses: aws-actions/aws-lambda-deploy@v1
 with:
 function-name: ${{ env.LAMBDA_FUNCTION_NAME }}
- code-artifacts-dir: ${{ env.CODE_ARTIFACTS_DIR }}
+ code-artifacts-dir: ${{ env.LAMBDA_CODE_ARTIFACTS_DIR }}
 handler: ${{ env.LAMBDA_HANDLER }}
 runtime: ${{ env.LAMBDA_RUNTIME }}
+ role: ${{ env.LAMBDA_EXECUTION_ROLE }}
 # Add any additional inputs your action supports
\ No newline at end of file
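Review bot: The added `role: ${{ env.LAMBDA_EXECUTION_ROLE }}` input means the workflow's OIDC role must be allowed to pass that execution role to Lambda, but the setup comment at the top of this file (first hunk) still tells users to attach only "Lambda and S3 permissions". I would extend that comment with `# - Allow iam:PassRole only on the function's execution role, with the iam:PassedToService condition set to lambda.amazonaws.com`. The `PassRolesDefinition` statement this commit adds to the README has no `Condition` block, so the same scoping is worth stating there too. The step definition begins above this hunk.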