Closed aarcro closed 6 years ago
phobologic
commented
7 years ago Have you found that creating roles with specific names is the pattern you follow? We tend to let AWS name our roles for us, and then make sure they are exported. The big reason for this is that whenever you use a *Name attribute in cloudformation, it comes with the caveat that you can't ever do an operation that results in a replacement of that resource, which can lead to a lot of pain in the future.
aarcro
commented
7 years ago I don't require specifically named Roles. I just couldn't workout at the time how to create a role at all.
This isn't setting RoleName, so I don't think that's an issue here, right?
phobologic
commented
6 years ago Hey @aarcro - I went ahead and fixed the pep8 error that was in this (long line) and made a small modification to allow the subclassing of this blueprint & overriding a method to generate statements which get attached to a policy.
Thanks for the PR!
Simple solution that can create roles. Other blueprints will have to attach policies as needed.