Add support for IAM user name or assumed role

[bogdansturzoiu]

Hi. I was able to create a rule containing role like:

• !Sub "arn:aws:sts::${AWS::AccountId}:assumed-role/Role1"
• !Sub "arn:aws:iam::${AWS::AccountId}:assumed-role/Role2"

but the rule is is not satisfied when I approve a pull request, from console or terminal. The user that appear as approver has no ARN displayed, and I assume that's why is reported as: "0 of 1 rules satisfied"

If I manually add "Approval pool members - optional" using IAM User name or assumed role" my role assumed in the console, then the rule is reported as passed.

If I try to add the rule entry as simple string, as you know the CF will throw an error because of this error: Invalid arn syntax in the ApprovalPoolMembers.

Thank you in advance

[eduardomourar]

I believe only works if you do it like this:

• !Sub "arn:aws:sts::${AWS::AccountId}:assumed-role/Role1/*"
• !Sub "arn:aws:iam::${AWS::AccountId}:role/Role2"