From 4f2dc57eb860f0bf4f7d6bcd09c683d71aa3cb16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eslam=20=CE=BB=20Hefnawy?= <eahefnawy@gmail.com>
Date: Mon, 24 Jun 2024 12:00:30 -0700
Subject: [PATCH] fix(dev): ensures that dev mode supports the
 serverless-iam-role-per-function plugin (#12633)

---
 lib/plugins/aws/dev/index.js | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/lib/plugins/aws/dev/index.js b/lib/plugins/aws/dev/index.js
index 343629aa8..5d84dca7e 100644
--- a/lib/plugins/aws/dev/index.js
+++ b/lib/plugins/aws/dev/index.js
@@ -589,6 +589,22 @@ class AwsDev {
       functionConfig.environment.SLS_SERVICE = serviceName
       functionConfig.environment.SLS_STAGE = stageName
       functionConfig.environment.SLS_FUNCTION = functionName
+
+      // Make sure dev mode also supports the "serverless-iam-roles-per-function" plugin:
+      // https://github.com/functionalone/serverless-iam-roles-per-function
+      // Issue Ref: https://github.com/serverless/serverless/issues/12619
+      if (
+        functionConfig.iamRoleStatements &&
+        Array.isArray(functionConfig.iamRoleStatements)
+      ) {
+        const functionIamRoleStatements = functionConfig.iamRoleStatements
+
+        functionIamRoleStatements.push({
+          Effect: 'Allow',
+          Action: ['iot:*'],
+          Resource: '*',
+        })
+      }
     })
 
     // Disable observability if it's enabled