We recently learned that if a Version is not specified in an IAM policy, it will default to the older 2008-10-17 API version. The older version does not support some features such as "policy variables", which can be useful when writing IAM conditions.
AWS specifically recommends not creating new roles that use the old version, so we should update our Role shortcuts to specifically set the policy Version to 2012-10-17 when generated.
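An added example, not code from this project: a Python audit that reports the Version a policy document effectively gets and flags policy variables the older version does not support, plus a helper that pins the Version the way a role generator would. The function names, the bucket name and the sample policy are constructed for illustration.

```python
import json
import re

CURRENT_VERSION = "2012-10-17"
LEGACY_VERSION = "2008-10-17"  # what applies when the Version element is absent
POLICY_VARIABLE = re.compile(r"\$\{[^}]+\}")  # e.g. ${aws:username}


def find_policy_variables(node):
    """Recursively collect ${...} placeholders from every string in the statements."""
    if isinstance(node, str):
        return POLICY_VARIABLE.findall(node)
    if isinstance(node, dict):
        return [v for value in node.values() for v in find_policy_variables(value)]
    if isinstance(node, list):
        return [v for item in node for v in find_policy_variables(item)]
    return []


def audit_policy(policy):
    """Return (effective_version, findings) for one IAM policy document (a dict)."""
    findings = []
    effective = policy.get("Version", LEGACY_VERSION)
    if "Version" not in policy:
        findings.append("Version missing: defaults to " + LEGACY_VERSION)
    elif effective != CURRENT_VERSION:
        findings.append("Version is " + effective + ", expected " + CURRENT_VERSION)
    variables = sorted(set(find_policy_variables(policy.get("Statement", []))))
    if effective != CURRENT_VERSION and variables:
        findings.append("policy variables not supported here: " + ", ".join(variables))
    return effective, findings


def with_current_version(policy):
    """Copy of the policy with Version pinned first; the input is not modified."""
    return {"Version": CURRENT_VERSION, **{k: v for k, v in policy.items() if k != "Version"}}


# Constructed sample: a per-user S3 prefix policy written without a Version element.
SAMPLE = json.loads("""
{
  "Statement": [{
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/home/${aws:username}/*"
  }]
}
""")
```

`audit_policy(SAMPLE)` reports two findings; `audit_policy(with_current_version(SAMPLE))` reports none.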