AWS CDK - Role.addManagedPolicy does not work for imported roles

Time:04-05

I have a use case where I need to create roles and policies separately and later add policy to the role.

I am importing the existing role and policy using fromRoleArn and fromManagedPolicyArn respectively, and trying to use the Role.addManagedPolicy method to add the policy to the role.

I am not seeing the policy getting added to the role. The code runs successfully, but the policy is not getting added to the role.

Is this a bug? Can anyone please suggest an alternative solution for my use case?

CodePudding user response:

It's not a bug. CDK cannot change imported resources, so this operation will be a no-op.

From the docs:

Although you can use an imported resource anywhere, you cannot modify the imported resource. For example, calling addToResourcePolicy (Python: add_to_resource_policy) on an imported s3.Bucket does nothing.

The alternative is to create the role with CDK.

IAM roles are sort of an "exception" here, in the way that you can modify their policy and add statements inline. This is what the mutable prop is for when importing it.

This doesn't work for attaching managed policies, though, so won't help you in this case.
