Don't require copilot to create new iam roles

aws / copilot-cli

The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on AWS App Runner or Amazon ECS on AWS Fargate.

https://aws.github.io/copilot-cli/

Apache License 2.0

3.46k stars 399 forks source link

Don't require copilot to create new iam roles #1694

Open ctindel opened 3 years ago

ctindel commented 3 years ago

My customer was trying to use copilot and failing because their credentials allow them to use any service but don't allow them to create new IAM roles. It would be great if copilot could generate the CF needed for IAM so an admin could apply it, and then take the relevant role names as parameters when creating the rest of the stack.

youngfeldt commented 3 years ago

Agreed. In many business environments, developer will not have rights to create/modify IAM roles.

pcolazurdo commented 3 years ago

I think it would be very useful to allow to specify a TaskRole like in the copilot task run --task-role option for services and jobs.