I want to update the trust policy of an existing IAM role using AWS CDK, but I am not finding the exact CDK property to do it. Please help me.
Let's say the role name is my_rolename_1, with the trust policy below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::12345:role/role_1"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Now I want to add another AWS account to the trust policy: arn:aws:iam::23451:role/role_2
The trust policy of the IAM role should get updated to:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::12345:role/role_1",
          "arn:aws:iam::23451:role/role_2"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
I am able to import the role using the command below:
const Existingrole = iam.Role.fromRoleArn(this, 'Role', 'arn:aws:iam::11111:role/my_rolename_1', {
  mutable: true,
});
But I couldn't find the exact property to attach/update the trust policy with the new cross-account details.
The CDK cannot modify existing, external resources. The reference returned from the fromRoleArn method is read-only.
The CDK CLI does have an actual (experimental) cdk import capability to bring existing resources into a CDK app. AWS::IAM::Role is a resource type that is supported for importing. After you import the role, you can modify it like other CDK resources. Or, instead of importing, you could simply create a new role and delete the existing role.
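Whichever route is taken, the trust change to review is the one shown in the question. As an added example (not part of the original question or answer, and not CDK API code), this TypeScript computes the updated trust policy from the current one and lists the newly trusted principals; the function names are hypothetical, and the account-id length is not checked because the page uses shortened ids.

```typescript
// Added example; shapes mirror the trust policy JSON in the question.
interface TrustStatement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal: { AWS?: string | string[] };
  Action: string | string[];
}
interface TrustPolicy { Version: string; Statement: TrustStatement[]; }

// Assumption: any digit run is accepted as account id (the page's ids are shortened).
const IAM_PRINCIPAL_ARN = /^arn:aws:iam::\d+:(root|(role|user)\/.+)$/;

// Principal.AWS and Action may each be a single string or a list.
function toList(v: string | string[] | undefined): string[] {
  if (v === undefined) return [];
  return Array.isArray(v) ? v.slice() : [v];
}

// Returns a copy of `policy` with `arn` added to the Allow sts:AssumeRole statement.
function addTrustedPrincipal(policy: TrustPolicy, arn: string): TrustPolicy {
  if (!IAM_PRINCIPAL_ARN.test(arn)) throw new Error("rejecting wildcard or malformed principal: " + arn);
  const copy: TrustPolicy = JSON.parse(JSON.stringify(policy));
  const target = copy.Statement.filter((s) =>
    s.Effect === "Allow" && toList(s.Action).indexOf("sts:AssumeRole") >= 0 && s.Principal.AWS !== undefined)[0];
  if (!target) throw new Error("no Allow sts:AssumeRole statement with an AWS principal");
  const merged = toList(target.Principal.AWS);
  if (merged.indexOf(arn) < 0) merged.push(arn); // idempotent: no duplicate entries
  target.Principal.AWS = merged;
  return copy;
}

// Principals allowed by `after` but not by `before`: the delta a reviewer has to approve.
function newlyTrusted(before: TrustPolicy, after: TrustPolicy): string[] {
  const allowed = (p: TrustPolicy): string[] => {
    let out: string[] = [];
    p.Statement.forEach((s) => { if (s.Effect === "Allow") out = out.concat(toList(s.Principal.AWS)); });
    return out;
  };
  const old = allowed(before);
  return allowed(after).filter((a) => old.indexOf(a) < 0);
}

// The role's current trust policy, copied from the question.
const currentPolicy: TrustPolicy = {
  Version: "2012-10-17",
  Statement: [{ Sid: "", Effect: "Allow",
    Principal: { AWS: ["arn:aws:iam::12345:role/role_1"] }, Action: "sts:AssumeRole" }],
};
const updatedPolicy = addTrustedPrincipal(currentPolicy, "arn:aws:iam::23451:role/role_2");
console.log(JSON.stringify(updatedPolicy, null, 2));
console.log("newly trusted:", newlyTrusted(currentPolicy, updatedPolicy));
```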