When creating a new IAM role resource using Cloudformation, AWS::IAM::Role
.
There is an optional RoleName
parameter, and I am not sure when if it is better practice to include the RoleName
parameter or exclude it.
The following are the differences that are specified in the documentation
Are there any other functional differences betweeen using or excluding the RoleName
parameter?
This will simply generate a name for you if you don't specify it (constructed from the stack and resource name with a random string at the end).
The only difference is re-usability. If you want to recreate the stack multiple times, it would be better to pass in this IAM role ARN as a parameter.
I'd recommend not naming, which will allow you the freedom to create the stack as many times as you want without the fear of breaking additional resources.
If you really must the recommendation from AWS is below:
Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using Fn::Join and AWS::Region to create a Region-specific name, as in the following example: {"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}.
The documentation explains that it may be dangerous to name your roles:
Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using Fn::Join and AWS::Region to create a Region-specific name, as in the following example: {"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.