Merge pull request #19 from greyshi/main

greyshi · web-flow · commit 6758ef21db10 · 2025-08-07T14:00:20.000-07:00
docs: fix inaccuracies and points of confusion in docs and examples
diff --git a/README.md b/README.md
@@ -55,16 +55,16 @@ jobs:
       with:
         function-name: my-function-name
         code-artifacts-dir: my-code-artifacts-dir
-        # handler: my-handler
-        # runtime: my-runtime
+        handler: index.handler
+        runtime: nodejs22.x
         # Add any additional inputs this action supports
 ```
 
-The required parameters to deploy are `function-name` and `code-artifacts-dir`. If a function with the name specified by `function-name` does not exist, it will be created with the provided code within `code-artifacts-dir` and configuration parameters using the [CreateFunction](https://docs.aws.amazon.com/lambda/latest/api/API_CreateFunction.html) API.
-
-Handler and runtime default to index.handler and nodejs20.x but can be customized. For the full list of inputs this GitHub Action supports, see [Inputs](#inputs).
+The required parameters to deploy are `function-name`, `code-artifacts-dir`, `handler`, and `runtime`. If the function does not exist yet, the `role` parameter is also required to specify the function's IAM execution role.
 
+If a function with the name specified by `function-name` does not exist, it will be created with the provided code within `code-artifacts-dir` and configuration parameters using the [CreateFunction](https://docs.aws.amazon.com/lambda/latest/api/API_CreateFunction.html) API.
 
+For the full list of inputs this GitHub Action supports, see [Inputs](#inputs).
 
 ### Update Function Configuration
 Function configuration will be updated using the [UpdateFunctionConfiguration](https://docs.aws.amazon.com/lambda/latest/api/API_UpdateFunctionConfiguration.html) API if configuration values differ from the deployed Lambda function's configuration.
@@ -229,13 +229,23 @@ This action requires the following minimum set of permissions:
       "Sid": "LambdaDeployPermissions",
       "Effect": "Allow",
       "Action": [
-        "lambda:GetFunction",
+        "lambda:GetFunctionConfiguration",
         "lambda:CreateFunction",
         "lambda:UpdateFunctionCode",
         "lambda:UpdateFunctionConfiguration",
         "lambda:PublishVersion"
       ],
       "Resource": "arn:aws:lambda:<region>:<aws_account_id>:function:<function_name>"
+    },
+    {
+      "Sid":"PassRolesDefinition",
+      "Effect":"Allow",
+      "Action":[
+        "iam:PassRole"
+      ],
+      "Resource":[
+        "arn:aws:iam::<aws_account_id>:role/<function_execution_role_name>"
+      ]
     }
   ]
 }
diff --git a/deploy-lambda-example.yml b/deploy-lambda-example.yml
@@ -13,7 +13,7 @@
 #    - Create a new role with Web Identity as the trusted entity
 #    - Select the OIDC provider you created above
 #    - For "Audience", enter "sts.amazonaws.com"
-#    - Add a condition to limit the role to your repository: 
+#    - Add a condition to limit the role to your repository:
 #      token.actions.githubusercontent.com:sub: repo:your-org/your-repo:*
 #    - Attach policies for Lambda and S3 permissions (Can be found on the README.md)
 #
@@ -23,7 +23,7 @@
 #    - LAMBDA_FUNCTION_NAME
 #    - LAMBDA_CODE_ARTIFACTS_DIR
 #    - LAMBDA_HANDLER
-#    - LAMBDA_RUNTIME 
+#    - LAMBDA_RUNTIME
 #
 # 4. Add any additional parameters under the environment variable section and Deploy Lambda Function step.
 #
@@ -47,6 +47,7 @@ env:
   LAMBDA_CODE_ARTIFACTS_DIR: MY_CODE_ARTIFACTS_DIR  # set this to the directory containing your Lambda code
   LAMBDA_HANDLER: MY_LAMBDA_HANDLER                 # set this to your Lambda handler
   LAMBDA_RUNTIME: MY_LAMBDA_RUNTIME                 # set this to your Lambda runtime
+  LAMBDA_EXECUTION_ROLE: MY_LAMBDA_EXECUTION_ROLE   # set this to your function's IAM execution role
   # Include additional parameters as needed (Format at LAMBDA_PARAMETER)
 
 permissions:
@@ -74,7 +75,8 @@ jobs:
       uses: aws-actions/aws-lambda-deploy@v1
       with:
         function-name: ${{ env.LAMBDA_FUNCTION_NAME }}
-        code-artifacts-dir: ${{ env.CODE_ARTIFACTS_DIR }}
+        code-artifacts-dir: ${{ env.LAMBDA_CODE_ARTIFACTS_DIR }}
         handler: ${{ env.LAMBDA_HANDLER }}
         runtime: ${{ env.LAMBDA_RUNTIME }}
+        role: ${{ env.LAMBDA_EXECUTION_ROLE }}
         # Add any additional inputs your action supports
