HyperBrain
commented
6 years ago Hi @bencodner . I updated your initial PR comment to reference the issue correctly (with the number sign). Then the PR is mentioned correctly in the issue ;-)
I will do some tests - and see, if the default behavior (when specifying no roles at all) still works and the plugin still creates a role per alias in this case.
Your comment for exchanging references in the service definition is right - this can be easily done with the findReferences function located in utils. It will automatically give you a list of parents that can be changed then accordingly.
Enase
Closes #87. The thinking behind this is to replace only embedded roles. If one is overridden with import value, or full ARN, use those values instead.
Could still need to modify to account for other intrinsic cloudformation functions (Ref, Join) if they call back to the roleLogicalId.