
AWS CDK apply path to lambda role created

I'm using AWS CDK (Node.js) to create a lambda function. Below is the definition of my function:

const receiverFunction = new lambda.Function(this, "Receiver", {
  description: 'Lambda function responsible for receiving the audit message',
  runtime: lambda.Runtime.NODEJS_10_X,
  code: lambda.Code.fromAsset("application"),
  handler: "receiver.handler",
  environment: {. . .},
  timeout: core.Duration.seconds(15),
  logRetention: logs.RetentionDays.ONE_YEAR
});

// Define an audit queue where the messages will be published
const auditQueue = new sqs.Queue(this, 'audit-queue', {
  queueName: 'audit-queue'
});

auditQueue.grantSendMessages(receiverFunction);

This creates a lambda and an SQS queue, including a lambda role granting permissions to put a message in SQS. It works well with the required permissions for creating this stack.

I'm using the --role-arn parameter, which takes a CFN deployment role as an input. As a security measure, this role is allowed to create IAM roles with the path cloudformation. To be in line with this rule, I need the ability to add a path to the role without needing to specify the complete role definition as new iam.Role... .

Is there any way by which I can fetch the created lambda role above and add a path to it?

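As the lambda role is created inside the Function construct, we can use CDK escape hatches to set the path.

You can use the code below to set the path or any other variable.

import { CfnRole, Role } from "@aws-cdk/aws-iam";

// Find the Role construct that the Function created for itself
const role = receiverFunction.node.children.find(child => child instanceof Role) as Role
// Drop down to the underlying AWS::IAM::Role resource and override its Path
const cfnRole = role.node.defaultChild as CfnRole
cfnRole.path = "/cloudformation/"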
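
The escape hatch above changes only the role that belongs to receiverFunction; the question's logRetention setting makes CDK synthesize a second Lambda with its own service role, which that code does not touch. The following is an added example, not part of the original answer or of CDK: a check over the synthesized CloudFormation template that lists every AWS::IAM::Role the deployment role would refuse to create. The function name, the logical IDs in the sample template, and the choice to accept sub-paths under /cloudformation/ are assumptions.

```typescript
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources?: Record<string, Resource> };
interface Finding { logicalId: string; path: string; reason: string }

// Assumption: the deployment role permits role creation under this prefix only.
const REQUIRED_PATH = "/cloudformation/";

// Return every AWS::IAM::Role whose Path is missing, not a literal, or outside the prefix.
function rolesOutsidePath(template: Template, requiredPath: string = REQUIRED_PATH): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources ?? {};
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (!res || res.Type !== "AWS::IAM::Role") continue;
    const path = res.Properties?.Path;
    if (path === undefined) {
      // IAM treats an omitted Path as "/", which the restricted deployment role rejects.
      findings.push({ logicalId, path: "/", reason: "Path not set" });
    } else if (typeof path !== "string") {
      // Intrinsic functions (Ref, Fn::Sub, ...) cannot be evaluated offline; flag for review.
      findings.push({ logicalId, path: JSON.stringify(path), reason: "Path is not a literal" });
    } else if (path.indexOf(requiredPath) !== 0) {
      findings.push({ logicalId, path, reason: "Path outside required prefix" });
    }
  }
  return findings;
}

// Constructed sample template: logical IDs are illustrative, not real synth output.
const sampleTemplate: Template = {
  Resources: {
    ReceiverServiceRole: { Type: "AWS::IAM::Role", Properties: { Path: "/cloudformation/" } },
    LogRetentionServiceRole: { Type: "AWS::IAM::Role", Properties: {} },
    ParamPathRole: { Type: "AWS::IAM::Role", Properties: { Path: { Ref: "RolePath" } } },
    AuditQueue: { Type: "AWS::SQS::Queue", Properties: { QueueName: "audit-queue" } },
  },
};
const sampleFindings = rolesOutsidePath(sampleTemplate);
```

Run it against the JSON template written by cdk synth before deploying with --role-arn; an empty result means every role in the stack carries the required path.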
