Don't hard code role names in the lambda #79

jangroth · 2020-02-27T20:42:33Z

I'm working in an environment where we use naming conventions to indicate ownership (in addition to tagging).

Would love the ability to prefix autotag's role paths like so:

  AutoTagMasterRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName:
        Fn::Sub: "${AWS::StackName}"
...
      Path: "/xyz/gorillastack/autotag/master/"

Unfortunately this is also hard coded in the lambda:

const MASTER_ROLE_PATH = '/gorillastack/autotag/master/';

class AutotagDefaultWorker {
...

It would be great if the role path could be passed into the lambda. This would make CFN the only source of truth and thereby not require to rebuild the lambda.

The text was updated successfully, but these errors were encountered:

ecout · 2021-04-22T20:48:10Z

Roles are tricky, they're named after the STACK's id automatically by CF and they ALREADY have a limit that's almost reached. If you add more stuff to that string you might end up breaking the CF deployment because of the resource(in this case IAM role) limit. I've seen this happen in other projects.

rayjanoka added the enhancement label Dec 13, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Don't hard code role names in the lambda #79

Don't hard code role names in the lambda #79

jangroth commented Feb 27, 2020 •

edited

Loading

ecout commented Apr 22, 2021

Don't hard code role names in the lambda #79

Don't hard code role names in the lambda #79

Comments

jangroth commented Feb 27, 2020 • edited Loading

ecout commented Apr 22, 2021

jangroth commented Feb 27, 2020 •

edited

Loading