Open ctindel opened 3 years ago
Agreed. In many business environments, developer will not have rights to create/modify IAM roles.
I think it would be very useful to allow to specify a TaskRole like in the copilot task run --task-role
option for services and jobs.
My customer was trying to use copilot and failing because their credentials allow them to use any service but don't allow them to create new IAM roles. It would be great if copilot could generate the CF needed for IAM so an admin could apply it, and then take the relevant role names as parameters when creating the rest of the stack.