IAM Roles Per FunctionRecipes
Recipes
Common how-tos for the IAM Roles Per Function plugin.
Recipes are task-shaped — each one solves a specific problem. Use the configuration reference for the full surface; recipes here just show the right combination of settings for common scenarios.
Available recipes
| Recipe | When to use |
|---|---|
| Statement templates | Many functions share the same baseline permissions — define them once, reference by name. |
| Least-privilege enforcement | You want to drop the broad global role and require every function to declare its permissions explicitly. |
| Permissions boundaries and managed policies | Your AWS org enforces an IAM permissions boundary, or your function needs an AWS-managed policy (e.g. VPC). |
Cross-cutting reading
- Installation — setup + smoke test
- Configuration — full reference
- CLI commands —
preview,audit,validate,status - Migration — switching from
serverless-iam-roles-per-function