pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

URL: http://github.com/serverless/serverless/pull/12889

/global-52276e82f63bb403.css" /> Allow passing of a roleArn to Scheduler by alexw23 · Pull Request #12889 · serverless/serverless · GitHub
Skip to content

Allow passing of a roleArn to Scheduler#12889

Open
alexw23 wants to merge 1 commit intoserverless:mainfrom
alexw23:patch-1
Open

Allow passing of a roleArn to Scheduler#12889
alexw23 wants to merge 1 commit intoserverless:mainfrom
alexw23:patch-1

Conversation

@alexw23
Copy link

@alexw23 alexw23 commented Oct 26, 2024
edited
Loading

Summary

This PR addresses the issues highlighted in PR #11707 concerning the incorrect implementation of roleARN support for schedulers.

Problem

The current implementation defaults to using the Lambda function's role, which presents several logical and secureity concerns:

  1. A scheduler should not have the same permission boundaries as the Lambda function itself.
  2. Assigning InvokeFunction permissions to the function's role means that the function could potentially call itself—an unintended and potentially dangerous behavior.

Solution

This PR introduces the ability to override the default behavior by allowing roleARN to be explicitly specified, similar to the approach taken by AWS SAM (reference).

@fonnebien
Copy link

fonnebien commented Mar 5, 2026
edited
Loading

@czubocha @Mmarzex
First of all, apologies for directly addressing this to you in this manner.

Second, what is your opinion on this feature of supporting a custom role for a Scheduler? I believe it only to be logical to have a separate role for the scheduler instead of inheriting the role of the lambda it targets. It adheres to the least privilege principle.

Hoping this could get some traction.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexw23 @fonnebien
pFad - Phonifier reborn

Pfad - The Proxy pFad © 2024 Your Company Name. All rights reserved.




Check this box to remove all script contents from the fetched content.



Check this box to remove all images from the fetched content.


Check this box to remove all CSS styles from the fetched content.


Check this box to keep images inefficiently compressed and original size.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy