Class: Role

IAM.Role

new Role()

Properties:
Name Type Description
AssumeRolePolicyDocument Object Required: Yes. The trust policy that is associated with this role. Update requires: No interruption. Note: You can associate only one assume role policy with a role. For an example of an assume role policy, see Template Examples.
ManagedPolicyArns String Required: No. One or more managed policy ARNs to attach to this role. Update requires: No interruption.
Path String Required: No. The path associated with this role. For information about IAM paths, see Friendly Names and Paths in IAM User Guide. Update requires: Replacement.
Policies IAMPolicies Required: No. The policies to associate with this role. You can specify a policy inline or reference an external policy, such as a policy declared in an AWS::IAM::Policy or AWS::IAM::ManagedPolicy resource. For sample templates that demonstrate both embedded and external policies, see Template Examples. Important: The name of each policy for a role, user, or group must be unique. Duplicate policy names can cause IAM role updates to fail. Note: If an external policy (such as AWS::IAM::Policy or AWS::IAM::ManagedPolicy) has a Ref to a role and if a resource (such as AWS::ECS::Service) also has a Ref to the same role, add a DependsOn attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an AWS::ECS::Service resource, the DependsOn attribute ensures that AWS CloudFormation deletes the AWS::ECS::Service resource before deleting its role's policy. Update requires: No interruption.
RoleName String Required: No. A name for the IAM role. For valid values, see the RoleName parameter for the CreateRole action in the IAM API Reference. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the group name. Important: If you specify a name, you cannot do updates that require this resource to be replaced. You can still do updates that require no or some interruption. If you must replace the resource, specify a new name. If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates. Warning: Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple regions. To prevent this, we recommend using Fn::Join and AWS::Region to create a region-specific name, as in the following example: {"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}. Update requires: Replacement.
Source:

Extends

  • WKResource
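
The Important, Note and Warning remarks on Policies and RoleName can be checked mechanically before a template is deployed. The following is an added example, not code from this library or from AWS: it lints a plain CloudFormation template object, and the names collectRefs, lintIamRoles and sampleTemplate, along with the sample resources, are constructed for illustration.

```javascript
// Collect logical IDs and pseudo parameters reached via Ref or Fn::Sub "${...}".
function collectRefs(node, out = new Set()) {
  if (Array.isArray(node)) node.forEach((n) => collectRefs(n, out));
  else if (node && typeof node === 'object') {
    if (typeof node.Ref === 'string') out.add(node.Ref);
    const sub = [].concat(node['Fn::Sub'] || [])[0];
    if (typeof sub === 'string')
      for (const m of sub.matchAll(/\$\{([^!}]+)\}/g)) out.add(m[1].split('.')[0]);
    Object.values(node).forEach((v) => collectRefs(v, out));
  }
  return out;
}

function lintIamRoles(template) {
  const findings = [];
  const entries = Object.entries(template.Resources || {});
  for (const [id, res] of entries) {
    if (res.Type !== 'AWS::IAM::Role') continue;
    const props = res.Properties || {};
    // Warning on RoleName: a fixed name collides when the template is reused across regions.
    if (props.RoleName !== undefined && !collectRefs(props.RoleName).has('AWS::Region'))
      findings.push(`${id}: RoleName is not region-specific`);
    // Important on Policies: duplicate policy names can make role updates fail.
    const names = (props.Policies || []).map((p) => p.PolicyName);
    const dupes = names.filter((n, i) => typeof n === 'string' && names.indexOf(n) !== i);
    if (dupes.length) findings.push(`${id}: duplicate policy name ${dupes[0]}`);
    // Note on Policies: a resource that Refs the role must DependsOn each external policy.
    const external = entries.filter(([, r]) =>
      ['AWS::IAM::Policy', 'AWS::IAM::ManagedPolicy'].includes(r.Type) &&
      collectRefs(r.Properties).has(id)).map(([pid]) => pid);
    for (const [otherId, other] of entries) {
      if (String(other.Type).startsWith('AWS::IAM::')) continue;
      if (!collectRefs(other.Properties).has(id)) continue;
      const deps = [].concat(other.DependsOn || []);
      for (const pid of external)
        if (!deps.includes(pid)) findings.push(`${otherId}: missing DependsOn ${pid}`);
    }
  }
  return findings;
}

// Constructed sample input that trips all three checks.
const sampleTemplate = { Resources: {
  TaskRole: { Type: 'AWS::IAM::Role', Properties: {
    RoleName: 'ecs-task-role', AssumeRolePolicyDocument: { Statement: [] },
    Policies: [{ PolicyName: 'logs' }, { PolicyName: 'logs' }] } },
  TaskPolicy: { Type: 'AWS::IAM::Policy', Properties: { Roles: [{ Ref: 'TaskRole' }] } },
  Service: { Type: 'AWS::ECS::Service', Properties: { Role: { Ref: 'TaskRole' } } },
} };
console.log(lintIamRoles(sampleTemplate));
```

The linter only follows Ref and Fn::Sub references; roles referenced through Fn::GetAtt or imported values are not covered.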
