allow to specify lambdaRoleName

Author: mprzytulski

README.md

@@ -39,6 +39,8 @@ Configure the AWS KMS key id and lambdaArn for the plugin in serverless.yml:
 
 - kmsKeyId: the `KeyId`, `Alias`, or `Arn` used to identify the KMS key
   (**Required**)
+- lambdaRoleName: the name of the lambda role you wish to grant access to KMS key.
+  (Optional). If name is not specified the plugin will try with default role name.
 - lambdaRoleArn: the Arn of the lambda you wish to grant access to the KMS key
   (Optional). If an arn is not specified, the plugin will look for the default
   lambdaRole and obtain its arn. The default serverless lambda role follows the

index.js

@@ -40,12 +40,12 @@ class ServerlessKmsGrants {
     if (grantID === null) {
       this.serverless.cli.log("Creating KMS grant for " + lambdaArn);
       await this.kms
-        .createGrant({
-          KeyId: keyArn,
-          GranteePrincipal: lambdaArn,
-          Operations: ["Encrypt", "Decrypt"],
-        })
-        .promise();
+          .createGrant({
+            KeyId: keyArn,
+            GranteePrincipal: lambdaArn,
+            Operations: ["Encrypt", "Decrypt"],
+          })
+          .promise();
     } else {
       this.serverless.cli.log("KMS grant already exists for " + lambdaArn);
     }
@@ -81,8 +81,8 @@ class ServerlessKmsGrants {
     return lambdaRole;
   }
 
-  async getLambdaArn() {
-    let lambdaRole = this.getLambdaRole();
+  async getLambdaArn(lambdaRoleName) {
+    let lambdaRole = lambdaRoleName || this.getLambdaRole();
     const iam = new aws.IAM({
       region: this.serverless.service.provider.region,
     });
@@ -99,21 +99,31 @@ class ServerlessKmsGrants {
     }
 
     let lambdaArn = _.get(
-      this.serverless.service,
-      "custom.kmsGrants.lambdaRoleArn",
+        this.serverless.service,
+        "custom.kmsGrants.lambdaRoleArn",
+    );
+
+    let lambdaRoleName = _.get(
+        this.serverless.service,
+        "custom.kmsGrants.lambdaRoleName",
     );
+
+    if (lambdaRoleName) {
+      lambdaArn = await this.getLambdaArn(lambdaRoleName);
+    }
+
     if (!lambdaArn) {
       this.serverless.cli.log(
-        "'lambdaRoleArn' not defined, using default format for role name: <service>-<stage>-<region>-lambdaRole",
+          "Neither 'lambdaRoleArn' or 'lambdaRoleName' not defined, using default format for role name: <service>-<stage>-<region>-lambdaRole",
       );
       lambdaArn = await this.getLambdaArn();
     }
 
     const keyData = await this.kms.describeKey({ KeyId: keyId }).promise();
     const keyArn = keyData.KeyMetadata.Arn;
     const { Grants: grantsArray } = await this.kms
-      .listGrants({ KeyId: keyArn })
-      .promise();
+        .listGrants({ KeyId: keyArn })
+        .promise();
 
     for (let i = 0; i < grantsArray.length; i++) {
       if (grantsArray[i].GranteePrincipal === lambdaArn) {