aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

allow a permission boundary for roles #176

Closed pkennedyvt closed 1 year ago

pkennedyvt commented 3 years ago

Issue #, if available: 161

Description of changes:

This adds a yes/no parameter for using a permissions boundary in role creation and accepts the ARN if needed.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
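The mechanism the PR describes, written out as a constructed CloudFormation fragment (this is an added illustration, not the PR's diff or the solution's own template; the role name `LogParserRole`, the parameter names and the policy contents are assumptions). A boundary caps the effective permissions of a role even if its inline policies are later widened, so opting in is a least-privilege control rather than a grant:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example - optional IAM permissions boundary on a stack-created role

Parameters:
  UsePermissionsBoundary:
    Type: String
    Default: "no"
    AllowedValues: ["yes", "no"]   # quoted so YAML does not coerce them to booleans
    Description: Attach a permissions boundary to every IAM role this stack creates.
  PermissionsBoundaryArn:
    Type: String
    Default: ""
    Description: ARN of the managed policy to use as the boundary (required when UsePermissionsBoundary is "yes").
    AllowedPattern: "^$|^arn:aws[a-zA-Z-]*:iam::[0-9]{12}:policy/.+$"

Rules:
  # Fail stack creation early instead of deploying a role with no boundary when one was expected.
  BoundaryArnRequired:
    RuleCondition: !Equals [!Ref UsePermissionsBoundary, "yes"]
    Assertions:
      - Assert: !Not [!Equals [!Ref PermissionsBoundaryArn, ""]]
        AssertDescription: PermissionsBoundaryArn must be set when UsePermissionsBoundary is "yes".

Conditions:
  AttachBoundary: !Equals [!Ref UsePermissionsBoundary, "yes"]

Resources:
  LogParserRole:   # hypothetical name standing in for one of the solution's Lambda execution roles
    Type: AWS::IAM::Role
    Properties:
      # AWS::NoValue removes the property entirely when the operator did not opt in.
      PermissionsBoundary: !If [AttachBoundary, !Ref PermissionsBoundaryArn, !Ref "AWS::NoValue"]
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: CloudWatchLogsAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: [logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents]
                Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*"
```

The same `PermissionsBoundary` line would be repeated on each role in every template of the solution, which is why a later comment notes the Firehose/Athena template also needs the change.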

aijunpeng commented 3 years ago

Thanks for submitting the PR. We have added it to our backlog and it will be considered in future releases.

mfcze commented 3 years ago

Hi there, would you please provide an update on where we are with this little tweak? It is required and would be highly appreciated by many customers where permission boundaries are in use. pkennedyvt has made the code adjustment ready.

Thanks for your feedback.

aijunpeng commented 3 years ago

Thanks for your inquiry. This is in our backlog and will be evaluated for future releases.

ryancabrera commented 1 year ago

Rather than create a new Feature Request or Issue, I was wondering if I could advocate for the implementation of the feature again? With the increasing adoption of permission boundaries as a means to limit permissions (especially in conjunction with federated users) I can see this becoming an increasingly desired feature.

In addition to the two files committed, there would also need to be a change to aws-waf-security-automations-firehose-athena.template as well.

aijunpeng commented 1 year ago

Thanks for the comment. This is on our roadmap but hasn't been prioritized yet. It is a broader conversation across all our solutions on whether permission management for users or roles should be in the scope of the solutions. For now, customers are responsible for managing these permissions.

rakshb commented 1 year ago

Thanks for the pull request. Enabling permission management/boundary for users and roles is not within the scope of our solutions and we do not plan to add this in the near future.