Missing IAM roles

[WhyNotHugo]

Attempting to deploy a very minimal setup, I've gotten this error:

  Serverless Error ---------------------------------------

  ServerlessError: The function execution role must be assumable with edgelambda.amazonaws.com as well as lambda.amazonaws.com principals. Update the IAM role and try again. Role: arn:aws:iam::822757335928:role/imgiz-2-dev-us-east-1-lambdaRole
      at /usr/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:1178:27
      at processTicksAndRejections (node:internal/process/task_queues:93:5)

It makes sense. However, trying to add Principal/Service parameters to normal IAM definition on serverless.yml didn't work. I had to resort to this workaround I found here.

Resources:
  IamRoleLambdaExecution:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Statement: 
          - Effect: Allow
            Principal: 
              Service:
                - lambda.amazonaws.com
                - edgelambda.amazonaws.com

Wouldn't it make sense for this to be the default roles assigned by this plugin? Or is that something that serverless handles?

In any case, maybe adding this to the README might help others?

[wzhonggo]

@WhyNotHugo I get error An error occurred: IamRoleLambdaExecution - Missing required field Action (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 814134ec-64e6-4e18-aeae-4ef99165a659; Proxy: null) when use IamRoleLambdaExecution config.

Add Action: sts:AssumeRole to fix it.

Resources:
    IamRoleLambdaExecution:
      Type: "AWS::IAM::Role"
      Properties:
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
                  - edgelambda.amazonaws.com
              Action: sts:AssumeRole